This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 6 and 7
Revision 6 as of 2006-10-12 00:00:39
Size: 2186
Editor: NickLeverton
Comment:
Revision 7 as of 2006-11-05 18:47:12
Size: 1835
Editor: TimoSirainen
Comment:
Line 1: Line 1:
## Please edit system and help pages ONLY in the moinmaster wiki! For more
## information, please see MoinMaster:MoinPagesEditorGroup.
##master-page:Troubleshooting
##master-date:Unknown-Date
##acl MoinPagesEditorGroup:read,write,delete,revert All:read
#format wiki
#language en
Line 9: Line 2:
Numerous settings in dovecot.conf can assist in debugging authentication failures. These are described in the comments in the dovecot-example.conf file that is provided with the source distribution.
Most important thing to do is to set `auth_debug=yes`, and preferrably also `auth_debug_passwords=yes`. After that you'll see exactly what dovecot-auth is doing in the logs.
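Review bot: "preferrably" in the added sentence should be "preferably", and the sentence would read better starting "The most important thing". Because the next hunk says the PLAIN string appears in the logs when `auth_debug_passwords=yes` is set, consider adding a clause here telling readers to switch that setting off again once debugging is finished.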
Line 19: Line 13:
This string is what a client would use to attempt PLAIN authentication as user "username" with password "password." With verbose logging, specifically with ''auth_debug_passwords = yes'', it would appear in your logs. This string is what a client would use to attempt PLAIN authentication as user "username" with password "password." With `'auth_debug_passwords=yes`, it would appear in your logs.
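Review bot: the replacement text has a stray apostrophe inside the code markup, `'auth_debug_passwords=yes`, apparently left over from the old ''...'' italics. It should read `auth_debug_passwords=yes`, otherwise the apostrophe is rendered as part of the setting name.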
Line 32: Line 26:

Debugging Authentication

The most important thing to do is to set auth_debug=yes, and preferably also auth_debug_passwords=yes. After that you'll see exactly what dovecot-auth is doing in the logs.

In addition, it might be useful to know how to construct and to decode a PLAIN mechanism string. printf(1) and mmencode(1) should be available on most Unix or GNU/Linux systems. (If not, check with your distribution. GNU coreutils includes printf(1), and metamail includes mmencode(1). In Debian, mmencode is called mimencode(1).)

Example authentication string encoding

$ printf 'username\0username\0password' | mmencode
dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=

This string is what a client would use to attempt PLAIN authentication as user "username" with password "password". With auth_debug_passwords=yes, it would appear in your logs.

Alternate Approach with perl

Unfortunately, mmencode on FreeBSD chokes on "\0". As an alternative, if you have MIME::Base64 on your system, you can use a Perl statement to do the same thing:

perl -MMIME::Base64 -e 'print encode_base64("myusername\@domain.tld\0myusername\@domain.tld\0mypassword");'

Because mmencode -u doesn't encounter any "\0" in its input, you can also do:

perl -MMIME::Base64 -e 'print encode_base64("myusername\@domain.tld\0myusername\@domain.tld\0mypassword");' | mmencode -u

to check that you have encoded correctly.

Example authentication string decoding

You can use mmencode -u to interpret the encoded string pasted into stdin as follows:

# mmencode -u
bXl1c2VybmFtZUBkb21haW4udGxkAG15dXNlcm5hbWVAZG9tYWluLnRsZABteXBhc3N3b3Jk<CR>
myusername@domain.tldmyusername@domain.tldmypassword<CTRL-D>
#

You should see the correct user address (twice) and password. The null bytes won't display.
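Because the null bytes don't display, a plain decode cannot tell you where one field ends and the next begins. The following is an added example, not part of the original page: it encodes a PLAIN string and decodes one with the field boundaries made visible, rejecting input that lacks the two NUL separators. The function names are hypothetical, and it assumes coreutils base64(1) in place of mmencode.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes coreutils base64(1).

# plain_encode AUTHZID AUTHCID PASSWORD
# Prints the base64 form of "authzid NUL authcid NUL password".
plain_encode() {
    printf '%s\0%s\0%s' "$1" "$2" "$3" | base64 | tr -d '\n'
    echo
}

# plain_decode B64
# Prints the three fields on labelled lines, or fails if the decoded
# string does not contain exactly two NUL separators.
plain_decode() {
    nuls=$(printf '%s' "$1" | base64 -d 2>/dev/null | tr -cd '\000' | wc -c | tr -d ' ')
    if [ "$nuls" -ne 2 ]; then
        echo "malformed PLAIN string: expected 2 NUL separators, found $nuls" >&2
        return 1
    fi
    # Turn each NUL into a newline so the field boundaries become visible.
    # (A password that itself contains a newline would be split here.)
    printf '%s' "$1" | base64 -d | tr '\000' '\n' | {
        IFS= read -r authzid
        IFS= read -r authcid
        IFS= read -r password || true   # last field has no trailing newline
        printf 'authzid=%s\nauthcid=%s\npassword=%s\n' "$authzid" "$authcid" "$password"
    }
}

# Constructed sample: the string from the encoding example above.
plain_encode username username password
plain_decode dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
```

An empty authzid line is normal for clients that send only the login name and password.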

None: Debugging/Authentication (last edited 2016-05-03 13:51:47 by adsl-ull-47-109)