#248 Can´t login - can't encrypt password with dovecotpw

closed-invalid
nobody
5
2014-09-10
2011-05-23
john doe
No

After updating dovecot to version 2.0.13 postfixadmin can´t login. On website it shows the message "can't encrypt password with dovecotpw" and in apache-log file it writes:

"doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 85: Couldn't open include file /etc/dovecot/conf.d/90-sieve.conf: Permission denied"

All config files from dovecot are having the same permissions.

---
> ls -R /etc/dovecot/
/etc/dovecot/:
total 80K
drwxr-xr-x 3 root root 4.0K May 18 14:32 .
drwxr-xr-x 90 root root 4.0K May 18 21:03 ..
-rw-r--r-- 1 root root 116 Mar 12 21:41 README
drw-r--r-- 2 root root 4.0K May 18 14:37 conf.d
-rw-r--r-- 1 root root 410 Jan 25 00:28 dovecot-db-example.conf
-rw-r--r-- 1 root root 410 Mar 12 21:41 dovecot-db.conf.ext
-rw-r--r-- 1 root root 782 Jan 25 00:28 dovecot-dict-sql-example.conf
-rw-r--r-- 1 root root 374 Mar 19 10:11 dovecot-dict-sql.conf.ext
-rw-r--r-- 1 root root 4.9K Jan 25 00:29 dovecot-ldap.conf
-rw-r--r-- 1 root root 5.1K Mar 12 21:41 dovecot-ldap.conf.ext
-rw-r--r-- 1 root root 5.3K Mar 12 21:41 dovecot-sql.conf
-rw-r--r-- 1 root root 5.5K Mar 19 15:16 dovecot-sql.conf.ext
-rw-r--r-- 1 root root 5.3K May 16 22:51 dovecot-sql.conf.ext.ucf-dist
-rw-r--r-- 1 root root 3.7K Mar 15 19:02 dovecot.conf
-rw-r--r-- 1 root root 3.7K May 16 22:51 dovecot.conf.ucf-dist

/etc/dovecot/conf.d:
total 136K
drw-r--r-- 2 root root 4.0K May 18 14:37 .
drwxr-xr-x 3 root root 4.0K May 18 14:32 ..
-rw-r--r-- 1 root root 5.2K Mar 29 17:53 10-auth.conf
-rw-r--r-- 1 root root 5.2K May 16 22:51 10-auth.conf.ucf-dist
-rw-r--r-- 1 root root 1.7K Mar 12 21:41 10-director.conf
-rw-r--r-- 1 root root 2.8K Mar 29 13:20 10-logging.conf
-rw-r--r-- 1 root root 2.6K May 16 22:51 10-logging.conf.ucf-dist
-rw-r--r-- 1 root root 15K Mar 29 15:50 10-mail.conf
-rw-r--r-- 1 root root 3.1K Mar 19 10:45 10-master.conf
-rw-r--r-- 1 root root 1.7K Mar 29 15:37 10-ssl.conf
-rw-r--r-- 1 root root 1.6K Mar 15 17:36 15-lda.conf
-rw-r--r-- 1 root root 2.4K Mar 19 15:20 20-imap.conf
-rw-r--r-- 1 root root 2.4K May 16 22:51 20-imap.conf.ucf-dist
-rw-r--r-- 1 root root 468 Mar 29 16:26 20-lmtp.conf
-rw-r--r-- 1 root root 469 May 16 22:51 20-lmtp.conf.ucf-dist
-rw-r--r-- 1 root root 2.4K May 18 14:34 20-managesieve.conf
-rw-r--r-- 1 root root 2.3K May 16 22:51 20-managesieve.conf.ucf-dist
-rw-r--r-- 1 root root 3.5K Mar 12 21:41 20-pop3.conf
-rw-r--r-- 1 root root 676 Mar 12 21:41 90-acl.conf
-rw-r--r-- 1 root root 485 Mar 26 18:17 90-plugin.conf
-rw-r--r-- 1 root root 2.3K Mar 19 15:39 90-quota.conf
-rw-r--r-- 1 root root 2.5K Mar 12 21:41 90-sieve.conf
-rw-r--r-- 1 root root 486 Mar 12 21:41 auth-deny.conf.ext
-rw-r--r-- 1 root root 558 Mar 12 21:41 auth-master.conf.ext
-rw-r--r-- 1 root root 329 Mar 12 21:41 auth-passwdfile.conf.ext
-rw-r--r-- 1 root root 785 Mar 12 21:41 auth-sql.conf.ext
-rw-r--r-- 1 root root 608 Mar 12 21:41 auth-static.conf.ext
-rw-r--r-- 1 root root 2.1K Mar 12 21:41 auth-system.conf.ext
-rw-r--r-- 1 root root 327 May 16 22:51 auth-vpopmail.conf.ext
---

But if I delete 90_sieve.conf the next file will be shown - so it seams a generally problem. Dovecot by itself works like a charm and postfix also works.

And a "doveadm pw -u USERNAME -p PASSWORD" will also print the hashed sequence.

Discussion

  • You'll probably have to set
    $CONF['dovecotpw'] = "/usr/sbin/doveadm pw";

    (Besides that, this bug is probably a duplicate - but I don't have the time to check it at the moment.)

     
  • john doe
    john doe
    2011-05-23

    > You'll probably have to set
    > $CONF['dovecotpw'] = "/usr/sbin/doveadm pw";

    Well, this line I´ve already changed and with dovecot version 2.0.11 it has work. The problems appear with newer dovecot version.

     
  • GingerDog
    GingerDog
    2011-05-23

    chmod 755 /etc/dovecot/conf.d (directory needs +x permission for it to be accessible)

     
  • john doe
    john doe
    2011-05-23

    Thanks, now it works. But fyi: the dovecot package will set it to 644 by the next upgrade.

     
  • > But fyi: the dovecot package will set it to 644 by the next upgrade.

    That's a bug in the dovecot package - please report it to your distribution/the packager.

    I'm closing this bug as "invalid", however the correct status would be "notmybug" ;-)

     
    • status: open --> closed-invalid
     
  • GingerDog
    GingerDog
    2014-09-09

    Anyone can run 'doveadm' - when run like 'doveadm pw' it'll prompt you for a password and print out it has a dovecot compatible hashed password.

    e.g.

    $ doveadm pw
    Enter new password:
    Retype new password:
    {CRAM-MD5}a7cb902940b3f6662c48ace840a4e3e410241e875d720cb45b2d95a3e1ddfc8b

    Previous versions of Postfixadmin relied on a dovecotpw command, which has now been deprecated/removed (there's a config.inc.php setting for this).

     
  • armcro
    armcro
    2014-09-09

    sorry if I don't understand. I need Postfixadmin to authenticate users against CRAM-MD5 stored passwords. if I am not wrong, it uses "doveadm pw" for this but without changing the permissions on Dovecot's configuration files it justly doesn't work. changing the permissions works. and I don't want to make configuration files world readable.
    correct?

     
  • GingerDog
    GingerDog
    2014-09-09

    Assuming the original files are owned by dovecot:dovecot, then add www-data to the dovecot group and restart Apache?

     
  • armcro
    armcro
    2014-09-10

    this is better, yes. thanks