doveadm-auth

NAME

doveadm-auth - Flush/lookup/test authentication data

SYNOPSIS

doveadm [GLOBAL OPTIONS] auth command [OPTIONS] [ARGUMENTS]

DESCRIPTION

The doveadm auth COMMANDS can be used to perform various authentication-related actions.

GLOBAL OPTIONS

Global doveadm(1) options:

-D

Enables verbosity and debug messages.

-O

Do not read any config file, just use defaults.

-k

Preserve entire environment for doveadm, not just import_environment.

-v

Enables verbosity, including progress counter.

-i instance-name

If using multiple Dovecot instances, choose the config file based on this instance name. See instance_name setting for more information.

-c config-file

Read configuration from the given config-file. By default it first reads the config socket, and then falls back to /etc/dovecot/dovecot.conf. You can also point this to the config socket of some instance running a compatible version.

-o setting=value

Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb with the given value. In order to override multiple settings, the -o option may be specified multiple times.

-f formatter

Specifies the formatter for formatting the output. Supported formatters are:

flow

prints each line with key=value pairs.

pager

prints each key: value pair on its own line and separates records with a form feed character (^L).

tab

prints a table header followed by tab separated value lines.

table

prints a table header followed by adjusted value lines.

OPTIONS

-x auth_info

auth_info specifies additional conditions for the user command. The auth_info option string has to be given as a name=value pair. To specify multiple conditions, the -x option may be supplied multiple times.

Possible names for the auth_info are:

service

The service for which the userdb lookup should be tested. The value may be the name of any service commonly used with Dovecot, for example imap, pop3 or smtp.

session

Session identifier.

lip

The local IP address (server) for the test.

rip

The remote IP address (client) for the test.

lport

The local port, e.g. 143

rport

The remote port, e.g. 24567

real_lip

The local IP to which the client connected on this host.

real_rip

The remote IP from which the client connected to this host.

real_lport

The local port to which the client connected on this host.

real_rport

The remote port from which the client connected to this host.

forward_<field>

Field to forward as %{forward:field} to auth process.

ARGUMENTS

user

The user’s login name. Depending on the configuration, the login name may be for example jane or john@example.com.

password

Optionally the user’s password. doveadm(1) will prompt for the password if none is given.

COMMANDS

auth cache flush

doveadm auth cache flush [-a master_socket_path] [user …]

Flush the authentication cache. By default the cache is flushed for all the users (which can also be done by sending SIGHUP to the auth process). You can also flush the cache for one or more users by providing their usernames.

-a master_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /rundir/auth-master. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-x auth_info

auth_info specifies additional conditions for the user command. The auth_info option string has to be given as a name=value pair. To specify multiple conditions, the -x option may be supplied multiple times.

Possible names for the auth_info are:

service

The service for which the userdb lookup should be tested. The value may be the name of any service commonly used with Dovecot, for example imap, pop3 or smtp.

session

Session identifier.

lip

The local IP address (server) for the test.

rip

The remote IP address (client) for the test.

lport

The local port, e.g. 143

rport

The remote port, e.g. 24567

real_lip

The local IP to which the client connected on this host.

real_rip

The remote IP from which the client connected to this host.

real_lport

The local port to which the client connected on this host.

real_rport

The remote port from which the client connected to this host.

forward_<field>

Field to forward as %{forward:field} to auth process.

auth lookup

doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f field] user […]

Similar to the doveadm-user(1) command, except it performs a passdb lookup (without authentication) instead of a userdb lookup.

-a userdb_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /rundir/auth-userdb. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-f field

When this option and the name of a userdb field are given, doveadm(1) will show only the value of the specified field.

-x auth_info

auth_info specifies additional conditions for the user command. The auth_info option string has to be given as a name=value pair. To specify multiple conditions, the -x option may be supplied multiple times.

Possible names for the auth_info are:

service

The service for which the userdb lookup should be tested. The value may be the name of any service commonly used with Dovecot, for example imap, pop3 or smtp.

session

Session identifier.

lip

The local IP address (server) for the test.

rip

The remote IP address (client) for the test.

lport

The local port, e.g. 143

rport

The remote port, e.g. 24567

real_lip

The local IP to which the client connected on this host.

real_rip

The remote IP from which the client connected to this host.

real_lport

The local port to which the client connected on this host.

real_rport

The remote port from which the client connected to this host.

forward_<field>

Field to forward as %{forward:field} to auth process.

auth test

doveadm auth test [-a auth_socket_path] [-A sasl_mech] [-x auth_info] user [password]

Test authentication for the given user.

-a auth_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /rundir/auth-client. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-A sasl_mech

The SASL mechanism used for the authentication. By default PLAIN is used.

-x auth_info

auth_info specifies additional conditions for the user command. The auth_info option string has to be given as a name=value pair. To specify multiple conditions, the -x option may be supplied multiple times.

Possible names for the auth_info are:

service

The service for which the userdb lookup should be tested. The value may be the name of any service commonly used with Dovecot, for example imap, pop3 or smtp.

session

Session identifier.

lip

The local IP address (server) for the test.

rip

The remote IP address (client) for the test.

lport

The local port, e.g. 143

rport

The remote port, e.g. 24567

real_lip

The local IP to which the client connected on this host.

real_rip

The remote IP from which the client connected to this host.

real_lport

The local port to which the client connected on this host.

real_rport

The remote port from which the client connected to this host.

forward_<field>

Field to forward as %{forward:field} to auth process.

auth login

doveadm auth login [-a auth_socket_path] [-m auth_master_socket_path] [-A sasl_mech] [-x auth_info] user [password]

Test a full login for the given user, i.e. perform both the passdb lookup (authentication) and the userdb lookup (login).

-a auth_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /rundir/auth-client. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-m auth_master_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket for the master socket.

By default doveadm(1) will use the socket /rundir/auth-master. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-A sasl_mech

The SASL mechanism used for the authentication. By default PLAIN is used.

-x auth_info

auth_info specifies additional conditions for the user command. The auth_info option string has to be given as a name=value pair. To specify multiple conditions, the -x option may be supplied multiple times.

Possible names for the auth_info are:

service

The service for which the userdb lookup should be tested. The value may be the name of any service commonly used with Dovecot, for example imap, pop3 or smtp.

session

Session identifier.

lip

The local IP address (server) for the test.

rip

The remote IP address (client) for the test.

lport

The local port, e.g. 143

rport

The remote port, e.g. 24567

real_lip

The local IP to which the client connected on this host.

real_rip

The remote IP from which the client connected to this host.

real_lport

The local port to which the client connected on this host.

real_rport

The remote port from which the client connected to this host.

forward_<field>

Field to forward as %{forward:field} to auth process.

EXAMPLE

This example demonstrates an imap authentication test for user john, assuming the user is connected from the host with the IP address 192.0.2.143.

doveadm auth test -x service=imap -x rip=192.0.2.143 john
Password:
passdb: john auth succeeded
extra fields:
  user=john
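
The following is an added example, not part of the original manual page or of the Dovecot project: a POSIX shell helper that turns the auth test above into a repeatable check of whether authentication is allowed or denied for a given service and remote IP. The function names and the DOVEADM variable are assumptions of this sketch; only the "passdb: USER auth succeeded" line is taken from the output shown above.

```shell
#!/bin/sh
# Added example. valid_auth_info, auth_succeeded, check_policy and the
# DOVEADM variable are hypothetical names, not part of doveadm.

# Accept only the auth_info names documented on this page, as NAME=VALUE.
valid_auth_info() {
    case "$1" in
        service=?*|session=?*|lip=?*|rip=?*|lport=?*|rport=?*) return 0 ;;
        real_lip=?*|real_rip=?*|real_lport=?*|real_rport=?*) return 0 ;;
        forward_?*=?*) return 0 ;;
    esac
    return 1
}

# Read `doveadm auth test` output on stdin; succeed only if it contains the
# exact "passdb: USER auth succeeded" line shown in the EXAMPLE section.
auth_succeeded() {
    grep -Fxq "passdb: $1 auth succeeded"
}

# check_policy EXPECT USER [NAME=VALUE ...]
# EXPECT is "allow" or "deny". Returns 0 when the observed result matches,
# 1 on a mismatch, 2 on a bad argument. The password is never placed on the
# command line: doveadm prompts for it, so it stays out of argv and history.
check_policy() {
    [ $# -ge 2 ] || return 2
    expect=$1 user=$2; shift 2
    case "$expect" in allow|deny) ;; *) return 2 ;; esac
    n=$#
    while [ "$n" -gt 0 ]; do
        valid_auth_info "$1" || { echo "bad auth_info: $1" >&2; return 2; }
        set -- "$@" -x "$1"   # append "-x PAIR" to the end of the list
        shift                 # then drop the original PAIR from the front
        n=$((n - 1))
    done
    if ${DOVEADM:-doveadm} auth test "$@" "$user" | auth_succeeded "$user"
    then got=allow
    else got=deny
    fi
    [ "$got" = "$expect" ]
}

# Constructed sample output (same form as the EXAMPLE section above).
sample='passdb: john auth succeeded
extra fields:
  user=john'
printf '%s\n' "$sample" | auth_succeeded john && echo "john: allow"
```

Run from a terminal, for instance check_policy allow john service=imap rip=192.0.2.143; a non-zero status of 1 means the observed result differs from the expected one.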

REPORTING BUGS

Report bugs, including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>. Information about reporting bugs is available at: https://dovecot.org/bugreport.html

SEE ALSO

doveadm(1)