Dovecot allows creating a master user that can log in as any other user, which is particularly useful when you administer a large number of accounts and have to check that emails are properly sent and received. This short tutorial explains how a master user can be added to Dovecot and how to test logging in. The Linux distribution used for this tutorial is Debian, but the information may apply to other distributions.
To create the master users file, assuming that the Dovecot configuration files are placed in /etc/dovecot/, issue the command:
htpasswd -b -c -s /etc/dovecot/master-users MASTER_USER MASTER_PASSWORD
where:
- MASTER_USER is the master user to be used to log in as other users
- MASTER_PASSWORD is the master user's password

To configure Dovecot and enable the master user, edit /etc/dovecot/conf.d/10-auth.conf and set the master separator field:
auth_master_user_separator = *
This symbol (*) will be used to separate the real user from the master user when logging in. In the same file, make sure that the include line for the master configuration file is not commented out (remove the hash sign # before the exclamation mark !):
!include auth-master.conf.ext
Next, edit /etc/dovecot/conf.d/auth-master.conf.ext and amend the file such that it contains the lines:
passdb {
  driver = passwd-file
  master = yes
  args = /etc/dovecot/master-users
  pass = yes
}
passdb {
  driver = shadow
}
userdb {
  driver = passwd
}
The final step is to restart dovecot and then check that logging-in works.
Checking that the master user works can be performed via SSL or in plain mode. In order to log-in as a different user by using the master user, the username and password to be used will be:
| Username | Password |
|---|---|
| OTHER_USER*MASTER_USER | MASTER_PASSWORD |
For example, if the user you want to log-in as is called john and your master user is called barbara and the master password is siglint, then the username you have to supply will be john*barbara and the password will be siglint.
To log-in using the plain method, issue:
telnet localhost 143
assuming that dovecot is listening on localhost.
And then enter:
tag login john*barbara siglint
where:
- john is the user to impersonate
- barbara is the master username
- siglint is the master password

Using SSL, issue:
openssl s_client -crlf -connect localhost:993
assuming that dovecot is listening on localhost and port 993, and then issue:
tag login john*barbara siglint
where:
- john is the user to impersonate
- barbara is the master username
- siglint is the master password
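
An added check, not part of the original tutorial: htpasswd -s stores the master password as an unsalted SHA-1 {SHA} entry, and /etc/dovecot/master-users unlocks every mailbox, so it is worth auditing. The function name audit_master_users and the sample entry are constructed for this example; it flags weak or empty entries and a file that is accessible to all local users.

```shell
#!/bin/sh
# Added example: audit a Dovecot master-users passwd-file.
# Prints one finding per line; the return status is the number of findings.
audit_master_users() {
    file=$1
    findings=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi
    # Characters 8-10 of the ls mode string are the permissions for "other".
    other=$(ls -ld "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS: $file is accessible to all local users ($other)"
        findings=$((findings + 1))
    fi
    # Each line is user:hash[:...]; the {SCHEME} prefix names the hash type.
    while IFS=: read -r user hash _rest; do
        case $user in '' | '#'*) continue ;; esac
        case $hash in
            '{SHA}'*)
                echo "WEAK: $user uses {SHA} (unsalted SHA-1, as written by htpasswd -s)"
                findings=$((findings + 1)) ;;
            '{PLAIN}'*)
                echo "WEAK: $user has a cleartext password"
                findings=$((findings + 1)) ;;
            '')
                echo "EMPTY: $user has no password field"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"
    return "$findings"
}

# Constructed sample (not a real hash): a {SHA} entry in a world-readable file.
sample=$(mktemp)
printf 'barbara:{SHA}CONSTRUCTEDPLACEHOLDER=\n' > "$sample"
chmod 644 "$sample"
audit_master_users "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real server, call audit_master_users /etc/dovecot/master-users as root after creating or changing the file.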