Authentication not working

Issue #782 new
Robert Obermeier created an issue

On the latest version* I cannot log in to the admin interface or send emails.

Everything else works as expected.

When sending mails I get an authentication error after a long waiting period.

  • docker.io/analogic/poste.io latest a0115ada9c75

I wasn’t sure where to look for logfiles regarding this problem.
The only auth-related log files seem to be for imap ¯\_(ツ)_/¯

Comments (1)

  1. Robert Obermeier reporter

    Ok, I found the problem after digging around in the code and adding/using nasty exception-driven debugging 😃

    I’ll try to talk key points here.

    • I read-only bind mount /etc/letsencrypt/…./privkey.pem to /etc/ssl/server.key on the container

      • I use dns verification for letsencrypt so I have to mount that key into the container
    • Your auth script uses doveadm to verify the sha512-crypt hash of the password of the user

    • doveadm loads /etc/dovecove/conf.d/* and verifies its settings

      • the ssl private key is specified in a config and so it tries to open/read it
      • the key however has ownership root:root and permissions rw- --- ---

        • which imho is not a bad idea. I really do not want a private key to be world readable on a service exposed to the web.
      • this causes a permission error

      • following this doveadm aborts with a configuration error without even checking the hash against the password

        • doveadm prints errors to stderr → it would be nice if that would somehow get logged into the service log files
    • authentication fails due to doveadm not returning (verified) on stdout

    Funny detail about this. That only causes issues with sending mails or logging into the server admin interface.

    So I’d say maybe not really a bug… but something worth discussing.

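The failure mode described in the comment above, as an added example (not poste.io's auth script): a wrapper that accepts a login only on `(verified)` from doveadm, but separates "wrong password" from "doveadm aborted before checking" and logs stderr in the second case. The `doveadm pw -t … -p …` invocation, the mismatch text and the sample error line are assumptions, since the page does not show the real script or doveadm's output.

```python
import logging
import subprocess
from enum import Enum

log = logging.getLogger("auth")


class AuthResult(Enum):
    VERIFIED = "verified"            # hash matched the password
    REJECTED = "rejected"            # doveadm ran and reported a mismatch
    BACKEND_ERROR = "backend_error"  # doveadm never got as far as the check


# Assumption: text doveadm prints on stderr for a wrong password.
MISMATCH_MARKER = "Password mismatch"

# Constructed stderr for the case in this issue (config file name is made up).
SAMPLE_KEY_ERROR = (
    "doveconf: Fatal: Error in configuration file "
    "/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_key: "
    "Can't open file /etc/ssl/server.key: Permission denied\n"
)


def classify(returncode, stdout, stderr):
    """Map one doveadm run to a result; only '(verified)' on stdout passes."""
    if returncode == 0 and "(verified)" in stdout:
        return AuthResult.VERIFIED
    if MISMATCH_MARKER in stderr:
        return AuthResult.REJECTED
    # Still a failed login (fail closed), but an operator problem, not the user's.
    return AuthResult.BACKEND_ERROR


def verify(password_hash, password, run=subprocess.run):
    """Check a password with doveadm and log stderr when doveadm itself fails."""
    # Assumed invocation: argv list, no shell. -p places the password in argv,
    # which other processes in the same container can read.
    proc = run(["doveadm", "pw", "-t", password_hash, "-p", password],
               capture_output=True, text=True, timeout=10)
    result = classify(proc.returncode, proc.stdout, proc.stderr)
    if result is AuthResult.BACKEND_ERROR:
        log.error("doveadm failed before the password check (rc=%s): %s",
                  proc.returncode, proc.stderr.strip())
    return result
```

With this split, an unreadable `/etc/ssl/server.key` shows up in the service log as a backend error instead of looking like a bad password.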