doveadm-auth (1)
Leading comments
Copyright (c) 2010-2016 Dovecot authors, see the included COPYING file
NAME
doveadm-auth - Flush/lookup/test authentication dataSYNOPSIS
doveadm [-Dv] [-f formatter] auth command [OPTIONS] [ARGUMENTS]DESCRIPTION
The doveadm auth COMMANDS can be used to perform various authentication related actions.OPTIONS
Global doveadm(1) options:- -D
- Enables verbosity and debug messages.
- -f formatter
-
Specifies the
formatter
for formatting the output.
Supported formatters are:
-
- flow
- prints each line with key=value pairs.
- pager
- prints each key: value pair on its own line and separates records with form feed character (^L).
- tab
- prints a table header followed by tab separated value lines.
- table
- prints a table header followed by adjusted value lines.
-
- -o setting=value
- Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb with the given value. In order to override multiple settings, the -o option may be specified multiple times.
- -v
- Enables verbosity, including progress counter.
Command specific options:
- -x auth_info
-
auth_info
specifies additional conditions for the
auth lookup and auth test
commands.
The
auth_info
option string has to be given as
name=value
pair.
For multiple conditions the
-x
option could be supplied multiple times.
Possible names for the auth_info are:-
- service
- The service for which the authentication lookup should be tested. The value may be the name of a service, commonly used with Dovecot. For example: imap, pop3 or smtp.
- lip
- The local IP address (server) for the test.
- rip
- The remote IP address (client) for the test.
- lport
- The local port, e.g. 143
- rport
- The remote port, e.g. 24567
-
ARGUMENTS
- user
- The useraqs login name. Depending on the configuration, the login name may be for example jane or john@example.com.
- password
- Optionally the useraqs password. doveadm(1) will prompt for the password, if none was given.
COMMANDS
auth cache flush
doveadm auth cache flush [-a master_socket_path] [user ...]Flush the authentication cache. By default the cache is flushed for all the users (which can also be done by sending SIGHUP to the auth process). You can also flush the cache for one or more users by providing their usernames.
- -a master_socket_path
-
This option is used to specify an absolute path to an alternative UNIX
domain socket.
By default doveadm(1) will use the socket /var/run/dovecot/auth-master. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.
auth lookup
doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f field] user [...]Similar to doveadm-user(1) command, except it performs a passdb lookup (without authentication) instead of a userdb lookup.
- -a userdb_socket_path
-
This option is used to specify an absolute path to an alternative UNIX
domain socket.
By default doveadm(1) will use the socket /var/run/dovecot/auth-userdb. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.
- -f field
- When this option and the name of a userdb field is given, doveadm(1) will show only the value of the specified field.
auth test
doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]Test authentication for the given user.
- -a auth_socket_path
-
This option is used to specify an absolute path to an alternative UNIX
domain socket.
By default doveadm(1) will use the socket /var/run/dovecot/auth-client. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.
EXAMPLE
This example demonstrates an imap authentication test for user john, assuming the user is connected from the host with the IP address 192.0.2.143.
doveadm auth test -x service=imap -x rip=192.0.2.143 john Password: passdb: john auth succeeded extra fields: user=john