password plugin with postfixadmin and dovecot

[mwlucas]

Hi,

I'm running Roundcube 1.6.5 on FreeBSD 14.0, with Postfix 3.8, dovecot 2.3.1, apache 2.4, and postfixadmin 3.4. Everything works great, except the password module. Attempting to change the password generates these log messages:

Apr 11 19:57:09 <17.3> mx roundcube[52066]: <fjti45o5> PHP Error: Password plugin: Failed to execute command: /usr/local/bin/doveadm pw -s 'blf-crypt'. Error:  in /usr/local/www/roundcube/plugins/password/password.php on line 747 (POST /www/?_task=settings&_action=plugin.password-save)
Apr 11 19:57:09 <17.3> mx roundcube[52066]: <fjti45o5> PHP Error: Password plugin: Failed to execute command: /usr/local/bin/doveadm pw -s 'blf-crypt'. Error:  in /usr/local/www/roundcube/plugins/password/password.php on line 747 (POST /www/?_task=settings&_action=plugin.password-save)

Fearing typos, I copied and pasted the command to the command line. It works there.

Is there any way to get more information out of roundcube about WHY the command didn't run?

Here's the changes I made to the password module config.inc.php. I'm not at all confident in the password_query setting, but I haven't gotten that far. DB username, pw, etc changed.

$ diff config.inc.php.dist config.inc.php
23c23
< $config['password_minimum_score'] = 0;
---
> $config['password_minimum_score'] = 1;
51c51
< $config['password_algorithm'] = 'clear';
---
> $config['password_algorithm'] = 'dovecot';
64,65c64,65
< // $config['password_dovecotpw'] = '/usr/local/sbin/doveadm pw'; // for dovecot-2.x
< $config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x
---
> $config['password_dovecotpw'] = '/usr/local/bin/doveadm pw'; // for dovecot-2.x
> //$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x
69c69
< $config['password_dovecotpw_method'] = 'CRAM-MD5';
---
> $config['password_dovecotpw_method'] = 'blf-crypt';
115c115
< $config['password_db_dsn'] = '';
---
> $config['password_db_dsn'] = 'mysql://user:pw@localhost/dbname';
133c133,136
< $config['password_query'] = 'SELECT update_passwd(%P, %u)';
---
> //$config['password_query'] = 'SELECT update_passwd(%P, %u)';
>
> //for postfixadmin
> $config['password_query'] = 'update virtualusers.mailbox set password=%P, modified=NOW() where username = %u';


Any suggestions appreciated!

[SKaero]

When you run the command manually what is the output?

Have you verified that the user the Roundcube process is running as can run the command?

[mwlucas]

Yep, you nailed it. Sorry, it's been a long day.

# su www -c "usr/local/bin/doveadm -s blf-crypt"     
This account is currently not available.

Now to figure out how to allow this account to run one specific command on FreeBSD.

Thank you for the clue.

[mwlucas]

Okay, I'm pondering this more deeply.

Like most Unixes, my www user has a shell of "/sbin/nologin". How do folks have their web server run a command when it has no shell?

Surely the doveadm hashing algorithm is not unique. Is there a way to compute that same hash in pure PHP?

[alec]

password_algorithm="blowfish-crypt".