Devuan bug report logs - #661
dovecot fails to authenticate system users

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

Package: dovecot-imapd  1:2.3.13+dfsg1-2 

This *seems to be* a devuan problem on version 4 as there is no similar problem on debian 11 with identical config (see dovecot -n below). It commenced after a dist-upgrade from devuan 3 on *two* separate machines.

I've tried to get help with this on the dovecot list, but no one was able to find the problem; lack of devuan experience was sited. I also tried creating a new system user on the version 4 system, but the problem is the same. It appears that dovecot is unable to read /etc/shadow as it is possible to create virtual users as per
https://wiki.dovecot.org/HowTo/SimpleVirtualInstall

cat /etc/devuan_version
chimaera

telnet localhost 143
Trying 127.0.0.1...
Connected to bulawayo.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
a login david xxxxxxxxx
a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-29 21:46:29]

sudo dovecot -n
[sudo] password for david:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.1
# Hostname: bulawayo
auth_debug = yes
auth_verbose = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
passdb {
driver = pam
}
protocols = " imap"
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/home/vmail/%u
driver = static
}
userdb {
driver = passwd
}

nb the problem existed before the first userdb block was added for virtual users.

--
David Matthews
mail@dmatthews.org

Message #8 received at 661@bugs.devuan.org (full text, mbox, reply):

Control: tags -1 moreinfo

David,

Is this still an issue or did you find a solution?

Thanks

Mark

Message #15 received at 661@bugs.devuan.org (full text, mbox, reply):

David,

On Tue, Feb 14, 2023 at 08:50:39AM +0000, David Matthews wrote:
> I run Devuan on my laptop which I use for development, but Debian on the VM
> that hosts my mail exchanger. I've not done any development for quite a few
> months, so I can't be definitive, but as above, presumably the problem is
> still in Devuan (but not Debian).

None of the packages are different. Devuan uses Debian's dovecot packages
directly without recompilation, so it is difficult to see why there is an issue
on Devuan but not Debian.

> I could make sure everything is up to date and run up my development
> environment and check if that would be helpful.

Yes, very. Thanks.

Mark

Message #20 received at 661@bugs.devuan.org (full text, mbox, reply):

Control: reassign -1 dovecot-core

Resolved. Documenting details here for reference.

Set

 auth_debug=yes
 auth_verbose=yes

to produce

On Fri, Feb 17, 2023 at 03:21:00PM +0000, David Matthews wrote:
> hi Mark
> 
> root@bulawayo:/home/david# doveadm auth test david@localhost
> Password: 
> passdb: david@localhost auth failed
> extra fields:
>   user=david@localhost
>   code=temp_fail
> 
> (same if I do david@bulawayo BTW)
> 
> and a grep at mail.warn:-
> 
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: fatal error: failed to reserve page summary memory
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: 
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime stack:
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.throw(0x7f18f8934292, 0x25)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/panic.go:1116 +0x74 fp=0x7f18f8641b30 sp=0x7f18f8641b00 pc=0x7f18f8762474
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*pageAlloc).sysInit(0x7f18f8b20428)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mpagealloc_64bit.go:80 +0x185 fp=0x7f18f8641bc0 sp=0x7f18f8641b30 pc=0x7f18f8758b25
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*pageAlloc).init(0x7f18f8b20428, 0x7f18f8b20420, 0x7f18f8b3ab18)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mpagealloc.go:317 +0x77 fp=0x7f18f8641be8 sp=0x7f18f8641bc0 pc=0x7f18f8756517
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*mheap).init(0x7f18f8b20420)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mheap.go:743 +0x24b fp=0x7f18f8641c10 sp=0x7f18f8641be8 pc=0x7f18f87534cb
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.mallocinit()
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/malloc.go:480 +0x109 fp=0x7f18f8641c38 sp=0x7f18f8641c10 pc=0x7f18f8738c09
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.schedinit()
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/proc.go:563 +0x65 fp=0x7f18f8641c90 sp=0x7f18f8641c38 pc=0x7f18f8765e25
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.rt0_go(0x7ffef46854f8, 0x2, 0x7ffef46854f8, 0x7f18f8642700, 0x7f18f91c4ea7, 0x0, 0x7f18f8642700, 0x7f18f8642700, 0xefb14e7355c6fbae, 0x7ffef4683b8e, ...)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/asm_amd64.s:214 +0x129 fp=0x7f18f8641c98 sp=0x7f18f8641c90 pc=0x7f18f8794c09
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth: Error: auth worker: Aborted PASSV request for david@localhost: Worker process died unexpectedl


This problem with changes to the golang allocator is known upstream[1]. They
tolerate a memory requirement of 4096MB[2].

Configuring dovecot with

 default_vsz_limit = 4096M

restored normal function.

Mark

[1]  https://github.com/golang/go/issues/38010

[2]  https://github.com/golang/go/issues/38010#issuecomment-691772381

Message #29 received at 661-close@bugs.devuan.org (full text, mbox, reply):

Review of installed binaries revealed fscrypt which is implemented in golang and
hooks PAM authentication with libpam-fscrypt.

Closing.

Mark

Send a report that this bug log contains spam.