DOVEADM-AUTH(1) Dovecot DOVEADM-AUTH(1)
NAME
doveadm-auth - Flush/lookup/test authentication data
SYNOPSIS
doveadm [-Dv] [-f formatter] auth command [OPTIONS] [ARGUMENTS]
DESCRIPTION
The doveadm auth COMMANDS can be used to perform various authentica-
tion related actions.
OPTIONS
Global doveadm(1) options:
-D Enables verbosity and debug messages.
-f formatter
Specifies the formatter for formatting the output. Supported
formatters are:
flow prints each line with key=value pairs.
pager prints each key: value pair on its own line and separates
records with form feed character (^L).
tab prints a table header followed by tab separated value
lines.
table prints a table header followed by adjusted value lines.
-o setting=value
Overrides the configuration setting from /etc/dovecot/dove-
cot.conf and from the userdb with the given value. In order to
override multiple settings, the -o option may be specified mul-
tiple times.
-v Enables verbosity, including progress counter.
Command specific options:
-x auth_info
auth_info specifies additional conditions for the auth lookup
and auth test commands. The auth_info option string has to be
given as name=value pair. For multiple conditions the -x option
could be supplied multiple times.
All the given fields are forwarded to the auth process without
checking for their validity. The important names for the
auth_info are:
service
The service for which the authentication lookup should be
tested. The value may be the name of a service, commonly
used with Dovecot. For example: imap, pop3 or smtp.
lip The local IP address (server) for the test.
rip The remote IP address (client) for the test.
lport The local port, e.g. 143
rport The remote port, e.g. 24567
real_lip
The "real" local IP address (server) for the test. This
is intended to be the local server's IP, while "lip" con-
tains the connecting proxy server's local IP.
real_rip
The "real" remote IP address (client) for the test. This
is intended to be the connecting proxy server's IP
address, while "rip" contains the original client's IP.
real_lport
The "real" local port for proxied connections.
real_rport
The "real" remote port for proxied connections.
local_name
Provide the client TLS connection's SNI name.
client_id
IMAP client ID string.
session
Session ID string, mainly for logging purposes.
ARGUMENTS
user The user's login name. Depending on the configuration, the
login name may be for example jane or john AT example.com.
password
Optionally the user's password. doveadm(1) will prompt for the
password, if none was given.
COMMANDS
auth cache flush
doveadm auth cache flush [-a master_socket_path] [user ...]
Flush the authentication cache. By default the cache is flushed for
all the users (which can also be done by sending SIGHUP to the auth
process). You can also flush the cache for one or more users by pro-
viding their usernames.
-a master_socket_path
This option is used to specify an absolute path to an alterna-
tive UNIX domain socket.
By default doveadm(1) will use the socket /var/run/dove-
cot/auth-master. The socket may be located in another direc-
tory, when the default base_dir setting was overridden in
/etc/dovecot/dovecot.conf.
auth lookup
doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f
field] user [...]
Similar to doveadm-user(1) command, except it performs a passdb lookup
(without authentication) instead of a userdb lookup.
-a userdb_socket_path
This option is used to specify an absolute path to an alterna-
tive UNIX domain socket.
By default doveadm(1) will use the socket /var/run/dove-
cot/auth-userdb. The socket may be located in another direc-
tory, when the default base_dir setting was overridden in
/etc/dovecot/dovecot.conf.
-f field
When this option and the name of a userdb field is given,
doveadm(1) will show only the value of the specified field.
auth test
doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]
Test authentication for the given user.
-a auth_socket_path
This option is used to specify an absolute path to an alterna-
tive UNIX domain socket.
By default doveadm(1) will use the socket /var/run/dove-
cot/auth-client. The socket may be located in another direc-
tory, when the default base_dir setting was overridden in
/etc/dovecot/dovecot.conf.
EXAMPLE
This example demonstrates an imap authentication test for user john,
assuming the user is connected from the host with the IP address
192.0.2.143.
doveadm auth test -x service=imap -x rip=192.0.2.143 john
Password:
passdb: john auth succeeded
extra fields:
user=john
REPORTING BUGS
Report bugs, including doveconf -n output, to the Dovecot Mailing List
<dovecot AT dovecot.org>. Information about reporting bugs is available
at: http://dovecot.org/bugreport.html
SEE ALSO
doveadm(1), doveadm-user(1), doveconf(1)
Dovecot v2.3 2014-10-19 DOVEADM-AUTH(1)
Linux-Distributionen
Huschi als Linux-Admin