1DOVEADM-AUTH(1)                     Dovecot                    DOVEADM-AUTH(1)
2
3
4

NAME

6       doveadm-auth - Flush/lookup/test authentication data
7

SYNOPSIS

9       doveadm [-Dv] [-f formatter] auth command [OPTIONS] [ARGUMENTS]
10

DESCRIPTION

12       The  doveadm   auth COMMANDS can be used to perform various authentica‐
13       tion related actions.
14

OPTIONS

16       Global doveadm(1) options:
17
18       -D     Enables verbosity and debug messages.
19
20       -f formatter
21              Specifies the formatter for formatting  the  output.   Supported
22              formatters are:
23
24              flow   prints each line with key=value pairs.
25
26              pager  prints each key: value pair on its own line and separates
27                     records with form feed character (^L).
28
29              tab    prints a table header followed  by  tab  separated  value
30                     lines.
31
32              table  prints a table header followed by adjusted value lines.
33
34       -o setting=value
35              Overrides  the  configuration  setting  from  /etc/dovecot/dove‐
36              cot.conf and from the userdb with the given value.  In order  to
37              override  multiple settings, the -o option may be specified mul‐
38              tiple times.
39
40       -v     Enables verbosity, including progress counter.
41
42       Command specific options:
43
44       -x auth_info
45              auth_info specifies additional conditions for  the  auth  lookup
46              and  auth  test commands.  The auth_info option string has to be
47              given as name=value pair.  For multiple conditions the -x option
48              could be supplied multiple times.
49              All  the  given fields are forwarded to the auth process without
50              checking  for  their  validity.  The  important  names  for  the
51              auth_info are:
52
53              service
54                     The service for which the authentication lookup should be
55                     tested.  The value may be the name of a service, commonly
56                     used with Dovecot.  For example: imap, pop3 or smtp.
57
58              lip    The local IP address (server) for the test.
59
60              rip    The remote IP address (client) for the test.
61
62              lport  The local port, e.g. 143
63
64              rport  The remote port, e.g. 24567
65
66              real_lip
67                     The  "real"  local IP address (server) for the test. This
68                     is intended to be the local server's IP, while "lip" con‐
69                     tains the connecting proxy server's local IP.
70
71              real_rip
72                     The  "real" remote IP address (client) for the test. This
73                     is intended  to  be  the  connecting  proxy  server's  IP
74                     address, while "rip" contains the original client's IP.
75
76              real_lport
77                     The "real" local port for proxied connections.
78
79              real_rport
80                     The "real" remote port for proxied connections.
81
82              local_name
83                     Provide the client TLS connection's SNI name.
84
85              client_id
86                     IMAP client ID string.
87
88              session
89                     Session ID string, mainly for logging purposes.
90

ARGUMENTS

92       user   The  user's  login  name.   Depending  on the configuration, the
93              login name may be for example jane or john@example.com.
94
95       password
96              Optionally the user's password.  doveadm(1) will prompt for  the
97              password, if none was given.
98

COMMANDS

100   auth cache flush
101       doveadm auth cache flush [-a master_socket_path] [user ...]
102
103       Flush  the  authentication  cache.  By default the cache is flushed for
104       all the users (which can also be done by sending  SIGHUP  to  the  auth
105       process).   You  can also flush the cache for one or more users by pro‐
106       viding their usernames.
107
108       -a master_socket_path
109              This option is used to specify an absolute path to  an  alterna‐
110              tive UNIX domain socket.
111
112              By default doveadm(1) will use the socket /run/dovecot/auth-mas‐
113              ter.  The socket may be located in another directory,  when  the
114              default  base_dir  setting  was overridden in /etc/dovecot/dove‐
115              cot.conf.
116
117   auth lookup
118       doveadm  auth  lookup  [-a  userdb_socket_path]  [-x   auth_info]   [-f
119       field] user [...]
120
121       Similar  to doveadm-user(1) command, except it performs a passdb lookup
122       (without authentication) instead of a userdb lookup.
123
124       -a userdb_socket_path
125              This option is used to specify an absolute path to  an  alterna‐
126              tive UNIX domain socket.
127
128              By   default   doveadm(1)   will   use   the  socket  /run/dove‐
129              cot/auth-userdb.  The socket may be located  in  another  direc‐
130              tory,  when  the  default  base_dir  setting  was  overridden in
131              /etc/dovecot/dovecot.conf.
132
133       -f field
134              When this option and the  name  of  a  userdb  field  is  given,
135              doveadm(1) will show only the value of the specified field.
136
137   auth test
138       doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]
139
140       Test authentication for the given user.
141
142       -a auth_socket_path
143              This  option  is used to specify an absolute path to an alterna‐
144              tive UNIX domain socket.
145
146              By  default  doveadm(1)   will   use   the   socket   /run/dove‐
147              cot/auth-client.   The  socket  may be located in another direc‐
148              tory, when  the  default  base_dir  setting  was  overridden  in
149              /etc/dovecot/dovecot.conf.
150
151

EXAMPLE

153       This  example  demonstrates  an imap authentication test for user john,
154       assuming the user is connected  from  the  host  with  the  IP  address
155       192.0.2.143.
156
157       doveadm auth test -x service=imap -x rip=192.0.2.143 john
158       Password:
159       passdb: john auth succeeded
160       extra fields:
161         user=john
162

REPORTING BUGS

164       Report  bugs, including doveconf -n output, to the Dovecot Mailing List
165       <dovecot@dovecot.org>.  Information about reporting bugs  is  available
166       at: http://dovecot.org/bugreport.html
167

SEE ALSO

169       doveadm(1), doveadm-user(1), doveconf(1)
170
171
172
173Dovecot v2.3                      2014-10-19                   DOVEADM-AUTH(1)
Impressum