1DOVEADM-AUTH(1) Dovecot DOVEADM-AUTH(1)
2
3
4
6 doveadm-auth - Flush/lookup/test authentication data
7
9 doveadm [-Dv] [-f formatter] auth command [OPTIONS] [ARGUMENTS]
10
12 The doveadm auth COMMANDS can be used to perform various authentica‐
13 tion related actions.
14
16 Global doveadm(1) options:
17
18 -D Enables verbosity and debug messages.
19
20 -f formatter
21 Specifies the formatter for formatting the output. Supported
22 formatters are:
23
24 flow prints each line with key=value pairs.
25
26 pager prints each key: value pair on its own line and separates
27 records with form feed character (^L).
28
29 tab prints a table header followed by tab separated value
30 lines.
31
32 table prints a table header followed by adjusted value lines.
33
34 -o setting=value
35 Overrides the configuration setting from /etc/dovecot/dove‐
36 cot.conf and from the userdb with the given value. In order to
37 override multiple settings, the -o option may be specified mul‐
38 tiple times.
39
40 -v Enables verbosity, including progress counter.
41
42 Command specific options:
43
44 -x auth_info
45 auth_info specifies additional conditions for the auth lookup
46 and auth test commands. The auth_info option string has to be
47 given as name=value pair. For multiple conditions the -x option
48 could be supplied multiple times.
49 All the given fields are forwarded to the auth process without
50 checking for their validity. The important names for the
51 auth_info are:
52
53 service
54 The service for which the authentication lookup should be
55 tested. The value may be the name of a service, commonly
56 used with Dovecot. For example: imap, pop3 or smtp.
57
58 lip The local IP address (server) for the test.
59
60 rip The remote IP address (client) for the test.
61
62 lport The local port, e.g. 143
63
64 rport The remote port, e.g. 24567
65
66 real_lip
67 The "real" local IP address (server) for the test. This
68 is intended to be the local server's IP, while "lip" con‐
69 tains the connecting proxy server's local IP.
70
71 real_rip
72 The "real" remote IP address (client) for the test. This
73 is intended to be the connecting proxy server's IP
74 address, while "rip" contains the original client's IP.
75
76 real_lport
77 The "real" local port for proxied connections.
78
79 real_rport
80 The "real" remote port for proxied connections.
81
82 local_name
83 Provide the client TLS connection's SNI name.
84
85 client_id
86 IMAP client ID string.
87
88 session
89 Session ID string, mainly for logging purposes.
90
92 user The user's login name. Depending on the configuration, the
93 login name may be for example jane or john@example.com.
94
95 password
96 Optionally the user's password. doveadm(1) will prompt for the
97 password, if none was given.
98
100 auth cache flush
101 doveadm auth cache flush [-a master_socket_path] [user ...]
102
103 Flush the authentication cache. By default the cache is flushed for
104 all the users (which can also be done by sending SIGHUP to the auth
105 process). You can also flush the cache for one or more users by pro‐
106 viding their usernames.
107
108 -a master_socket_path
109 This option is used to specify an absolute path to an alterna‐
110 tive UNIX domain socket.
111
112 By default doveadm(1) will use the socket /run/dovecot/auth-mas‐
113 ter. The socket may be located in another directory, when the
114 default base_dir setting was overridden in /etc/dovecot/dove‐
115 cot.conf.
116
117 auth lookup
118 doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f
119 field] user [...]
120
121 Similar to doveadm-user(1) command, except it performs a passdb lookup
122 (without authentication) instead of a userdb lookup.
123
124 -a userdb_socket_path
125 This option is used to specify an absolute path to an alterna‐
126 tive UNIX domain socket.
127
128 By default doveadm(1) will use the socket /run/dove‐
129 cot/auth-userdb. The socket may be located in another direc‐
130 tory, when the default base_dir setting was overridden in
131 /etc/dovecot/dovecot.conf.
132
133 -f field
134 When this option and the name of a userdb field is given,
135 doveadm(1) will show only the value of the specified field.
136
137 auth test
138 doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]
139
140 Test authentication for the given user.
141
142 -a auth_socket_path
143 This option is used to specify an absolute path to an alterna‐
144 tive UNIX domain socket.
145
146 By default doveadm(1) will use the socket /run/dove‐
147 cot/auth-client. The socket may be located in another direc‐
148 tory, when the default base_dir setting was overridden in
149 /etc/dovecot/dovecot.conf.
150
151
153 This example demonstrates an imap authentication test for user john,
154 assuming the user is connected from the host with the IP address
155 192.0.2.143.
156
157 doveadm auth test -x service=imap -x rip=192.0.2.143 john
158 Password:
159 passdb: john auth succeeded
160 extra fields:
161 user=john
162
164 Report bugs, including doveconf -n output, to the Dovecot Mailing List
165 <dovecot@dovecot.org>. Information about reporting bugs is available
166 at: http://dovecot.org/bugreport.html
167
169 doveadm(1), doveadm-user(1), doveconf(1)
170
171
172
173Dovecot v2.3 2014-10-19 DOVEADM-AUTH(1)