dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

pvsuja

Hi,

I have set up ImapcProxy based on the wiki2 page.
My server is set up for no plain text auth without starttls.
When I am trying to login in the proxy server, I am getting an error Unknown username/password.
The log says:
dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>
The server log:
dovecot: imap-login: Disconnected (tried to use disabled plaintext auth): rip=10.x.x.x, lip=10.x.x.y

Through wireshark, I found the username and password is going in plain text only to the server.
How will I enable starttls in ImapcProxy before any communication starts?


Thanks and regards,

Suja
Reply | Threaded
Open this post in threaded view
|

Re: dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

Jan Phillip Greimann
Am 08.03.2013 07:08, schrieb pvsuja:
> Through wireshark, I found the username and password is going in plain text
> only to the server.
> How will I enable starttls in ImapcProxy before any communication starts?

Mhh, well, communication encryption and password encryption are two
different things. If you speak over SSL with your server, it doesn't
matter if the password is transmitted in plain.

http://wiki.dovecot.org/Authentication/Mechanisms

Reply | Threaded
Open this post in threaded view
|

Re: dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

pvsuja

Yes, I know that.
When I am telnetting to my ImapcProxy over 143, the capabilities are listed

...... STARTTLS AUTH=PLAIN AUTH=LOGIN .....

I need the AUTH capability to be enabled only after STARTTLS
I have done this in Postfix.
Is there a way to do it in Dovecot?
Reply | Threaded
Open this post in threaded view
|

Re: dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

Professa Dementia
On 3/8/2013 1:04 AM, pvsuja wrote:
>
> Yes, I know that.
> When I am telnetting to my ImapcProxy over 143, the capabilities are listed
>
> ...... STARTTLS AUTH=PLAIN AUTH=LOGIN .....
>
> I need the AUTH capability to be enabled only after STARTTLS
> I have done this in Postfix.
> Is there a way to do it in Dovecot?

 From the template /etc/dovecot/conf.d/10-auth.conf

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes


Dem

Reply | Threaded
Open this post in threaded view
|

Re: dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

Timo Sirainen
In reply to this post by pvsuja
On 8.3.2013, at 8.08, pvsuja <[hidden email]> wrote:

> Through wireshark, I found the username and password is going in plain text
> only to the server.
> How will I enable starttls in ImapcProxy before any communication starts?

imapc_ssl = starttls

See also other related settings in http://wiki2.dovecot.org/Migration/Dsync

I guess imapc should have its own wiki page some day.

Reply | Threaded
Open this post in threaded view
|

Re: dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>

pvsuja
Thanks a lot!
I got it done with imapc_ssl and imapc_ssl_ca_dir settings.
I was not aware of those settings.

Thanks a bunch!


On Wed, Mar 20, 2013 at 10:58 PM, Timo Sirainen [via Dovecot] <[hidden email]> wrote:
On 8.3.2013, at 8.08, pvsuja <[hidden email]> wrote:

> Through wireshark, I found the username and password is going in plain text
> only to the server.
> How will I enable starttls in ImapcProxy before any communication starts?

imapc_ssl = starttls

See also other related settings in http://wiki2.dovecot.org/Migration/Dsync

I guess imapc should have its own wiki page some day.



To unsubscribe from dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>, click here.
NAML