为什么我收到来自 dovecot 的配置 passdbs 不支持凭证查找

tag-icon tag-icon debian authentication dovecot
为什么我收到来自 dovecot 的配置 passdbs 不支持凭证查找

我正在尝试在我的 Debian 4.9.65-3+deb9u1 服务器上向 Postfix 添加身份验证。

显然,第一阶段是使身份验证与 dovecot 协同工作。

如果我运行以下命令:

# doveadm -D auth lookup staging
Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)
Debug: user staging: Auth PASS lookup returned temporary failure: reason=Configured passdbs don't support credentials lookups
Debug: auth PASS input: reason=Configured passdbs don't support credentials lookups
Error: passdb lookup failed for staging: Configured passdbs don't support credentials lookups

如您所见,查找失败。我可以确认服务器上有一个用户暂存,并且我可以使用 Rainloop webmail 为该用户发送和接收电子邮件。

# dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-4-amd64 x86_64 Debian 9.3 
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
}
ssl = no
userdb {
  driver = passwd
}

不确定我在这里做错了什么?

答案1

passdb {
  driver = pam
}

“数据库”绝不会将用户密码泄露给鸽舍,无论是明文还是哈希。可插入式身份验证模块库只能用于验证给定明文密码的正确性。因此你可以这样做:

doveadm -D auth test staging

对于所有实际用途来说,这应该足够了。但是,如果您想知道哪些数据库支持密码查找,您可以查看Dovecot 的文档

相关内容