doveadm-auth - Man Page

Flush/lookup/test authentication data

Synopsis

doveadm [-Dv] [-f formatter] auth command [Options] [Arguments]

Description

The doveadm  auth Commands can be used to perform various authentication related actions.

Options

Global doveadm(1) options:

-D

Enables verbosity and debug messages.

-f formatter

Specifies the formatter for formatting the output. Supported formatters are:

flow

prints each line with key=value pairs.

pager

prints each keyvalue pair on its own line and separates records with form feed character (^L).

tab

prints a table header followed by tab separated value lines.

table

prints a table header followed by adjusted value lines.

-o setting=value

Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb with the given value. In order to override multiple settings, the -o option may be specified multiple times.

-v

Enables verbosity, including progress counter.

Command specific options:

-x auth_info

auth_info specifies additional conditions for the auth lookup and auth test commands. The auth_info option string has to be given as name=value pair. For multiple conditions the -x option could be supplied multiple times.
All the given fields are forwarded to the auth process without checking for their validity. The important names for the auth_info are:

service

The service for which the authentication lookup should be tested. The value may be the name of a service, commonly used with Dovecot. For example: imap, pop3 or smtp.

lip

The local IP address (server) for the test.

rip

The remote IP address (client) for the test.

lport

The local port, e.g. 143

rport

The remote port, e.g. 24567

real_lip

The "real" local IP address (server) for the test. This is intended to be the local server's IP, while "lip" contains the connecting proxy server's local IP.

real_rip

The "real" remote IP address (client) for the test. This is intended to be the connecting proxy server's IP address, while "rip" contains the original client's IP.

real_lport

The "real" local port for proxied connections.

real_rport

The "real" remote port for proxied connections.

local_name

Provide the client TLS connection's SNI name.

client_id

IMAP client ID string.

session

Session ID string, mainly for logging purposes.

Arguments

user

The user's login name. Depending on the configuration, the login name may be for example jane or john@example.com.

password

Optionally the user's password. doveadm(1) will prompt for the password, if none was given.

Commands

auth cache flush

doveadm auth cache flush [-a master_socket_path] [user ...]

Flush the authentication cache. By default the cache is flushed for all the users (which can also be done by sending SIGHUP to the auth process). You can also flush the cache for one or more users by providing their usernames.

-a master_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /run/dovecot/auth-master. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

auth lookup

doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f fielduser [...]

Similar to doveadm-user(1) command, except it performs a passdb lookup (without authentication) instead of a userdb lookup.

-a userdb_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /run/dovecot/auth-userdb. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-f field

When this option and the name of a userdb field is given, doveadm(1) will show only the value of the specified field.

auth test

doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]

Test authentication for the given user.

-a auth_socket_path

This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /run/dovecot/auth-client. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

Example

This example demonstrates an imap authentication test for user john, assuming the user is connected from the host with the IP address 192.0.2.143.

doveadm auth test -x service=imap -x rip=192.0.2.143 john
Password:
passdb: john auth succeeded
extra fields:
  user=john

Reporting Bugs

Report bugs, including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>. Information about reporting bugs is available at: http://dovecot.org/bugreport.html

See Also

doveadm(1), doveadm-user(1), doveconf(1)

Referenced By

doveadm(1), doveadm-sync(1).

2014-10-19 Dovecot v2.3