You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I upgraded my mail server to Debian Bullseye and now accounts can not log in on Postfixadmin 3.3.10. Dovecot. The credentials verify with doveadm auth test user@example.com SECRET. Also, IMAP login etc works without issues. So its a thing between Postfixadmin and Dovecot.
The Apache2 error log has the following entries:
[Sun Dec 26 20:44:46.750491 2021] [php7:notice] [pid 2142068] [client IP] Failed to read password from /usr/bin/doveadm pw -r 10 ... stderr: Fatal: Missing {scheme} prefix from hash\n, password: , method: BLF-CRYPT , referer: https://example.com/admin/users/login.php
[Sun Dec 26 20:44:46.750609 2021] [php7:notice] [pid 2142068] [client IP] Error trying to call pacrypt(), referer: https://exmple.com/admin/users/login.php
[Sun Dec 26 20:44:46.750633 2021] [php7:notice] [pid 2142068] [client IP] Exception: /usr/bin/doveadm pw -r 10 failed, see error log for details in /opt/postfixadmin/functions.inc.php:1060\nStack trace:\n#0 /opt/postfixadmin/functions.inc.php(1275): _pacrypt_dovecot()\n#1 /opt/postfixadmin/model/Login.php(49): pacrypt()\n#2 /opt/postfixadmin/public/users/login.php(56): Login->login()\n#3 {main}, referer: https://example.com/admin/users/login.php
$ /usr/bin/doveadm pw -r 10 -s BLF-CRYPT -t 'def'
Enter password to verify:
Fatal: Missing {scheme} prefix from hash
$ echo$?
75
$ /usr/bin/doveadm pw -r 10 -s BLF-CRYPT -t '{BLF-CRYPT}def'
Enter password to verify:
Fatal: reverse password verification check failed: Password is not blowfish password
$ echo$?
75
# password asdf
/usr/bin/doveadm pw -r 10 -s BLF-CRYPT -t '$2y$05$wmel.60XmC5X3nfzcJ96ceJsThaMMF7T.0iLw9gdotmfP0kiJxzju'
Enter password to verify:
Fatal: Missing {scheme} prefix from hash
$ echo$?
75
/usr/bin/doveadm pw -r 10 -s BLF-CRYPT -t '{BLF-CRYPT}$2y$05$wmel.60XmC5X3nfzcJ96ceJsThaMMF7T.0iLw9gdotmfP0kiJxzju'
Enter password to verify:
{BLF-CRYPT}$2y$05$wmel.60XmC5X3nfzcJ96ceJsThaMMF7T.0iLw9gdotmfP0kiJxzju (verified)
$ echo$?
0
/usr/bin/doveadm pw -r 10 -t '{BLF-CRYPT}$2y$05$wmel.60XmC5X3nfzcJ96ceJsThaMMF7T.0iLw9gdotmfP0kiJxzju'
Enter password to verify:
{BLF-CRYPT}$2y$05$wmel.60XmC5X3nfzcJ96ceJsThaMMF7T.0iLw9gdotmfP0kiJxzju (verified)
$ echo$?
0
man 1 doveadm-pw tells us:
-s scheme
The password scheme which should be used to generate the hashed password. By default the CRAM-MD5 scheme will be used. It is also possible to append an encoding suffix to the scheme. Supported encoding suffixes are: .b64, .base64 and .hex.
See also http://wiki2.dovecot.org/Authentication/PasswordSchemes for more details about password schemes.
Now I'm wondering if Dovecot is not accepting/interpreting its -s flag correctly or behaving as expected.
I'm currently trying to add a workaround for the time being.
The text was updated successfully, but these errors were encountered:
I was playing around with the source code and suddenly it works. I reverted all my changes - mostly debug output - and it continues to work. I have no idea why / what changed. But I think this issue can be considered closed.
I upgraded my mail server to Debian Bullseye and now accounts can not log in on Postfixadmin 3.3.10. Dovecot. The credentials verify with
doveadm auth test user@example.com SECRET
. Also, IMAP login etc works without issues. So its a thing between Postfixadmin and Dovecot.The Apache2 error log has the following entries:
I added the full command for output that fails:
So as far as I can tell https://github.com/postfixadmin/postfixadmin/blob/master/model/Login.php#L52 checks if the password validation works in general, right?
So I played around with the scheme and
-s
flag:man 1 doveadm-pw
tells us:Now I'm wondering if Dovecot is not accepting/interpreting its-s
flag correctly or behaving as expected.I'm currently trying to add a workaround for the time being.
The text was updated successfully, but these errors were encountered: