doveadm-auth - Flush/lookup/test authentication data
doveadm [-Dv] [-f formatter]
auth command [OPTIONS] [ARGUMENTS]
The doveadm auth COMMANDS can be used to perform various
authentication related actions.
Global doveadm(1) options:
- -D
- Enables verbosity and debug messages.
- -f formatter
- Specifies the formatter for formatting the output. Supported
formatters are:
- flow
- prints each line with key=value pairs.
- pager
- prints each key: value pair on its own line and
separates records with form feed character (^L).
- tab
- prints a table header followed by tab separated value lines.
- table
- prints a table header followed by adjusted value lines.
- -o setting=value
- Overrides the configuration setting from
/usr/local/etc/dovecot/dovecot.conf and from the userdb with the
given value. In order to override multiple settings, the -o
option may be specified multiple times.
- -v
- Enables verbosity, including progress counter.
Command specific options:
- -x auth_info
- auth_info specifies additional conditions for the auth
lookup and auth test commands. The auth_info option
string has to be given as name=value pair. For
multiple conditions the -x option could be supplied multiple times.
All the given fields are forwarded to the auth process without checking for
their validity. The important names for the auth_info are:
- service
- The service for which the authentication lookup should be tested. The
value may be the name of a service, commonly used with Dovecot. For
example: imap, pop3 or smtp.
- lip
- The local IP address (server) for the test.
- rip
- The remote IP address (client) for the test.
- lport
- The local port, e.g. 143
- rport
- The remote port, e.g. 24567
- real_lip
- The "real" local IP address (server) for the test. This is
intended to be the local server's IP, while "lip" contains the
connecting proxy server's local IP.
- real_rip
- The "real" remote IP address (client) for the test. This is
intended to be the connecting proxy server's IP address, while
"rip" contains the original client's IP.
- real_lport
- The "real" local port for proxied connections.
- real_rport
- The "real" remote port for proxied connections.
- local_name
- Provide the client TLS connection's SNI name.
- client_id
- IMAP client ID string.
- session
- Session ID string, mainly for logging purposes.
- user
- The user's login name. Depending on the configuration, the login
name may be for example jane or john@example.com.
- password
- Optionally the user's password. doveadm(1) will prompt for the
password, if none was given.
doveadm auth cache flush [-a master_socket_path]
[user ...]
Flush the authentication cache. By default the cache is flushed
for all the users (which can also be done by sending SIGHUP to the auth
process). You can also flush the cache for one or more users by providing
their usernames.
- -a master_socket_path
- This option is used to specify an absolute path to an alternative UNIX
domain socket.
By default doveadm(1) will use the socket
/var/run/dovecot/auth-master. The socket may be located in
another directory, when the default base_dir setting was
overridden in /usr/local/etc/dovecot/dovecot.conf.
doveadm auth lookup [-a userdb_socket_path] [-x
auth_info] [-f field] user [...]
Similar to doveadm-user(1) command, except it performs a
passdb lookup (without authentication) instead of a userdb
lookup.
- -a userdb_socket_path
- This option is used to specify an absolute path to an alternative UNIX
domain socket.
By default doveadm(1) will use the socket
/var/run/dovecot/auth-userdb. The socket may be located in
another directory, when the default base_dir setting was
overridden in /usr/local/etc/dovecot/dovecot.conf.
- -f field
- When this option and the name of a userdb field is given,
doveadm(1) will show only the value of the specified field.
doveadm auth test [-a auth_socket_path] [-x
auth_info] user [password]
Test authentication for the given user.
- -a auth_socket_path
- This option is used to specify an absolute path to an alternative UNIX
domain socket.
By default doveadm(1) will use the socket
/var/run/dovecot/auth-client. The socket may be located in
another directory, when the default base_dir setting was
overridden in /usr/local/etc/dovecot/dovecot.conf.
This example demonstrates an imap authentication test for user john, assuming
the user is connected from the host with the IP address 192.0.2.143.
doveadm auth test -x service=imap -x rip=192.0.2.143 john
Password:
passdb: john auth succeeded
extra fields:
user=john
Report bugs, including doveconf -n output, to the Dovecot Mailing List
<dovecot@dovecot.org>. Information about reporting bugs is available at:
http://dovecot.org/bugreport.html
doveadm(1), doveadm-user(1), doveconf(1)