Devuan bug report logs - #661
dovecot fails to authenticate system users

Package: dovecot-core; Maintainer for dovecot-core is (unknown); Source for dovecot-core is src:dovecot.

Reported by: David Matthews <mail@dmatthews.org>

Date: Sun, 30 Jan 2022 13:52:02 UTC

Severity: normal

Done: Mark Hindley <mark@hindley.org.uk>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. (Sun, 30 Jan 2022 13:52:02 GMT) (full text, mbox, link).


Acknowledgement sent to David Matthews <mail@dmatthews.org>:
New bug report received and forwarded. Copy sent to devuan-dev@lists.dyne.org. (Sun, 30 Jan 2022 13:52:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

From: David Matthews <mail@dmatthews.org>
To: submit@bugs.devuan.org
Subject: dovecot fails to authenticate system users
Date: Sun, 30 Jan 2022 13:50:20 +0000 (GMT)
Package: dovecot-imapd  1:2.3.13+dfsg1-2 

This *seems to be* a devuan problem on version 4 as there is no similar problem on debian 11 with identical config (see dovecot -n below). It commenced after a dist-upgrade from devuan 3 on *two* separate machines.

I've tried to get help with this on the dovecot list, but no one was able to find the problem; lack of devuan experience was sited. I also tried creating a new system user on the version 4 system, but the problem is the same. It appears that dovecot is unable to read /etc/shadow as it is possible to create virtual users as per
https://wiki.dovecot.org/HowTo/SimpleVirtualInstall

cat /etc/devuan_version
chimaera

telnet localhost 143
Trying 127.0.0.1...
Connected to bulawayo.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
a login david xxxxxxxxx
a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-29 21:46:29]

sudo dovecot -n
[sudo] password for david:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.1
# Hostname: bulawayo
auth_debug = yes
auth_verbose = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
passdb {
driver = pam
}
protocols = " imap"
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/home/vmail/%u
driver = static
}
userdb {
driver = passwd
}

nb the problem existed before the first userdb block was added for virtual users.

--
David Matthews
mail@dmatthews.org


Information forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. (Tue, 14 Feb 2023 08:32:02 GMT) (full text, mbox, link).


Message #8 received at 661@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: David Matthews <mail@dmatthews.org>, 661@bugs.devuan.org
Subject: Re: bug#661: dovecot fails to authenticate system users
Date: Tue, 14 Feb 2023 08:30:13 +0000
Control: tags -1 moreinfo

David,

Is this still an issue or did you find a solution?

Thanks

Mark

Added tag(s) moreinfo. Request was from Mark Hindley <mark@hindley.org.uk> to 661-submit@bugs.devuan.org. (Tue, 14 Feb 2023 08:32:04 GMT) (full text, mbox, link).


Information forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. (Tue, 14 Feb 2023 09:44:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mark Hindley <mark@hindley.org.uk>:
Extra info received and forwarded to list. Copy sent to devuan-dev@lists.dyne.org. (Tue, 14 Feb 2023 09:44:02 GMT) (full text, mbox, link).


Message #15 received at 661@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: David Matthews <mail@dmatthews.org>
Cc: 661@bugs.devuan.org
Subject: Re: bug#661: dovecot fails to authenticate system users
Date: Tue, 14 Feb 2023 09:41:52 +0000
David,

On Tue, Feb 14, 2023 at 08:50:39AM +0000, David Matthews wrote:
> I run Devuan on my laptop which I use for development, but Debian on the VM
> that hosts my mail exchanger. I've not done any development for quite a few
> months, so I can't be definitive, but as above, presumably the problem is
> still in Devuan (but not Debian).

None of the packages are different. Devuan uses Debian's dovecot packages
directly without recompilation, so it is difficult to see why there is an issue
on Devuan but not Debian.

> I could make sure everything is up to date and run up my development
> environment and check if that would be helpful.

Yes, very. Thanks.

Mark

Information forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. (Sun, 19 Feb 2023 12:06:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mark Hindley <mark@hindley.org.uk>:
Extra info received and forwarded to list. Copy sent to devuan-dev@lists.dyne.org. (Sun, 19 Feb 2023 12:06:07 GMT) (full text, mbox, link).


Message #20 received at 661@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: 661@bugs.devuan.org
Cc: David Matthews <mail@dmatthews.org>
Subject: Re: bug#661: dovecot fails to authenticate system users
Date: Sun, 19 Feb 2023 12:04:08 +0000
Control: reassign -1 dovecot-core

Resolved. Documenting details here for reference.

Set

 auth_debug=yes
 auth_verbose=yes

to produce

On Fri, Feb 17, 2023 at 03:21:00PM +0000, David Matthews wrote:
> hi Mark
> 
> root@bulawayo:/home/david# doveadm auth test david@localhost
> Password: 
> passdb: david@localhost auth failed
> extra fields:
>   user=david@localhost
>   code=temp_fail
> 
> (same if I do david@bulawayo BTW)
> 
> and a grep at mail.warn:-
> 
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: fatal error: failed to reserve page summary memory
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: 
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime stack:
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.throw(0x7f18f8934292, 0x25)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/panic.go:1116 +0x74 fp=0x7f18f8641b30 sp=0x7f18f8641b00 pc=0x7f18f8762474
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*pageAlloc).sysInit(0x7f18f8b20428)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mpagealloc_64bit.go:80 +0x185 fp=0x7f18f8641bc0 sp=0x7f18f8641b30 pc=0x7f18f8758b25
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*pageAlloc).init(0x7f18f8b20428, 0x7f18f8b20420, 0x7f18f8b3ab18)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mpagealloc.go:317 +0x77 fp=0x7f18f8641be8 sp=0x7f18f8641bc0 pc=0x7f18f8756517
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*mheap).init(0x7f18f8b20420)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mheap.go:743 +0x24b fp=0x7f18f8641c10 sp=0x7f18f8641be8 pc=0x7f18f87534cb
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.mallocinit()
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/malloc.go:480 +0x109 fp=0x7f18f8641c38 sp=0x7f18f8641c10 pc=0x7f18f8738c09
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.schedinit()
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/proc.go:563 +0x65 fp=0x7f18f8641c90 sp=0x7f18f8641c38 pc=0x7f18f8765e25
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.rt0_go(0x7ffef46854f8, 0x2, 0x7ffef46854f8, 0x7f18f8642700, 0x7f18f91c4ea7, 0x0, 0x7f18f8642700, 0x7f18f8642700, 0xefb14e7355c6fbae, 0x7ffef4683b8e, ...)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/asm_amd64.s:214 +0x129 fp=0x7f18f8641c98 sp=0x7f18f8641c90 pc=0x7f18f8794c09
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth: Error: auth worker: Aborted PASSV request for david@localhost: Worker process died unexpectedl


This problem with changes to the golang allocator is known upstream[1]. They
tolerate a memory requirement of 4096MB[2].

Configuring dovecot with

 default_vsz_limit = 4096M

restored normal function.

Mark

[1]  https://github.com/golang/go/issues/38010

[2]  https://github.com/golang/go/issues/38010#issuecomment-691772381


bug reassigned from package 'dovecot-imapd 1:2.3.13+dfsg1-2' to 'dovecot-core'. Request was from Mark Hindley <mark@hindley.org.uk> to 661-submit@bugs.devuan.org. (Sun, 19 Feb 2023 12:06:12 GMT) (full text, mbox, link).


Removed tag(s) moreinfo. Request was from Mark Hindley <mark@hindley.org.uk> to control@bugs.devuan.org. (Sun, 19 Feb 2023 12:10:01 GMT) (full text, mbox, link).


Reply sent to Mark Hindley <mark@hindley.org.uk>:
You have taken responsibility. (Sun, 19 Feb 2023 13:50:03 GMT) (full text, mbox, link).


Notification sent to David Matthews <mail@dmatthews.org>:
bug acknowledged by developer. (Sun, 19 Feb 2023 13:50:06 GMT) (full text, mbox, link).


Message #29 received at 661-close@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: 661-close@bugs.devuan.org
Cc: David Matthews <mail@dmatthews.org>
Subject: Re: bug#661: dovecot fails to authenticate system users
Date: Sun, 19 Feb 2023 13:47:39 +0000
Review of installed binaries revealed fscrypt which is implemented in golang and
hooks PAM authentication with libpam-fscrypt.

Closing.

Mark


Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri Mar 29 11:54:09 2024;