This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 1 and 2
Revision 1 as of 2006-04-08 18:52:30
Size: 1323
Editor: RobMcGee
Comment:
Revision 2 as of 2006-06-10 16:38:25
Size: 2142
Editor: jflowers
Comment:
Deletions are marked like this. Additions are marked like this.
Line 21: Line 21:
=== Alternate Approach with perl ===
Unfortunately, mmencode on FreeBSD chokes on "\0". As an alternate, if you have MMIME::Base64 on your system, you can use a perl statement to do the same thing:
{{{
perl -MMIME::Base64 -e 'print encode_base64("myusername\@domain.tld\0myusername\@domain.tld\0mypassword");'
}}}
As mmencode -u doesn't encounter any "\0" you can also do:
{{{
perl -MMIME::Base64 -e 'print encode_base64("myusername\@domain.tld\0myusername\@domain.tld\0mypassword");' | mmencode -u
}}}
to check that you have encoded correctly.


Line 22: Line 35:

You can use mmencode -u to interpret the encoded string pasted into stdin as follows:
Line 23: Line 38:
$ echo "FIXME: I don't know how to do this."
FIXME: I don't know how to do this.
}}}
# mmencode -u
bXl1c2VybmFtZUBkb21haW4udGxkAG15dXNlcm5hbWVAZG9tYWluLnRsZABteXBhc3N3b3Jk<CR>
myusername@domain.tldmyusername@domain.tldmypassword<CTRL-D>
#
}}}
You should see the correct user address (twice) and password. The null bytes won't display.

Debugging Authentication

Numerous settings in dovecot.conf can assist in debugging authentication failures. These are described in the comments in the dovecot-example.conf file that is provided with the source distribution.

In addition it might be useful to know how to construct and to decode a PLAIN mechanism string. printf(1) and mmencode(1) should be available in most Unix or GNU/Linux systems. (If not, check with your distribution. GNU coreutils includes printf(1), and metamail includes mmencode(1).)

Example authentication string encoding

$ printf 'username\0username\0password' | mmencode
dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=

This string is what a client would use to attempt PLAIN authentication as user "username" with password "password." With verbose logging, specifically with auth_debug_passwords = yes, it would appear in your logs.

Alternate Approach with perl

Unfortunately, mmencode on FreeBSD chokes on "\0". As an alternate, if you have MMIME::Base64 on your system, you can use a perl statement to do the same thing:

perl -MMIME::Base64 -e 'print encode_base64("myusername\@domain.tld\0myusername\@domain.tld\0mypassword");'

As mmencode -u doesn't encounter any "\0" you can also do:

perl -MMIME::Base64 -e 'print encode_base64("myusername\@domain.tld\0myusername\@domain.tld\0mypassword");' | mmencode -u

to check that you have encoded correctly.

Example authentication string decoding

You can use mmencode -u to interpret the encoded string pasted into stdin as follows:

# mmencode -u
bXl1c2VybmFtZUBkb21haW4udGxkAG15dXNlcm5hbWVAZG9tYWluLnRsZABteXBhc3N3b3Jk<CR>
myusername@domain.tldmyusername@domain.tldmypassword<CTRL-D>
#

You should see the correct user address (twice) and password. The null bytes won't display.

None: Debugging/Authentication (last edited 2016-05-03 13:51:47 by adsl-ull-47-109)