NAME

       doveadm-auth - Flush/lookup/test authentication data

SYNOPSIS

       doveadm [-Dv] [-f formatter] auth command [OPTIONS] [ARGUMENTS]

DESCRIPTION

       The doveadm  auth COMMANDS can be used to perform various authentication related actions.

OPTIONS

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -f formatter
              Specifies the formatter for formatting the output.  Supported formatters are:

              flow   prints each line with key=value pairs.

              pager  prints  each key: value pair on its own line and separates records with form feed character
                     (^L).

              tab    prints a table header followed by tab separated value lines.

              table  prints a table header followed by adjusted value lines.

       -o setting=value
              Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the  userdb  with  the
              given  value.   In  order  to  override multiple settings, the -o option may be specified multiple
              times.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -x auth_info
              auth_info specifies additional conditions for  the  auth  lookup  and  auth  test  commands.   The
              auth_info option string has to be given as name=value pair.  For multiple conditions the -x option
              could be supplied multiple times.
              All  the  given  fields are forwarded to the auth process without checking for their validity. The
              important names for the auth_info are:

              service
                     The service for which the authentication lookup should be tested.  The  value  may  be  the
                     name of a service, commonly used with Dovecot.  For example: imap, pop3 or smtp.

              lip    The local IP address (server) for the test.

              rip    The remote IP address (client) for the test.

              lport  The local port, e.g. 143

              rport  The remote port, e.g. 24567

              real_lip
                     The  "real"  local  IP  address  (server)  for  the  test. This is intended to be the local
                     server's IP, while "lip" contains the connecting proxy server's local IP.

              real_rip
                     The "real" remote IP address (client) for the test. This is intended to be  the  connecting
                     proxy server's IP address, while "rip" contains the original client's IP.

              real_lport
                     The "real" local port for proxied connections.

              real_rport
                     The "real" remote port for proxied connections.

              local_name
                     Provide the client TLS connection's SNI name.

              client_id
                     IMAP client ID string.

              session
                     Session ID string, mainly for logging purposes.

ARGUMENTS

       user   The  user's login name.  Depending on the configuration, the login name may be for example jane or
              john@example.com.

       password
              Optionally the user's password.  doveadm(1) will prompt for the password, if none was given.

COMMANDS

   auth cache flush
       doveadm auth cache flush [-a master_socket_path] [user ...]

       Flush the authentication cache.  By default the cache is flushed for all the users  (which  can  also  be
       done  by  sending  SIGHUP  to  the  auth process).  You can also flush the cache for one or more users by
       providing their usernames.

       -a master_socket_path
              This option is used to specify an absolute path to an alternative UNIX domain socket.

              By default doveadm(1) will use the socket /run/dovecot/auth-master.  The socket may be located  in
              another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

   auth lookup
       doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f field] user [...]

       Similar  to  doveadm-user(1) command, except it performs a passdb lookup (without authentication) instead
       of a userdb lookup.

       -a userdb_socket_path
              This option is used to specify an absolute path to an alternative UNIX domain socket.

              By default doveadm(1) will use the socket /run/dovecot/auth-userdb.  The socket may be located  in
              another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

       -f field
              When  this  option and the name of a userdb field is given, doveadm(1) will show only the value of
              the specified field.

   auth test
       doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]

       Test authentication for the given user.

       -a auth_socket_path
              This option is used to specify an absolute path to an alternative UNIX domain socket.

              By default doveadm(1) will use the socket /run/dovecot/auth-client.  The socket may be located  in
              another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

EXAMPLE

       This  example demonstrates an imap authentication test for user john, assuming the user is connected from
       the host with the IP address 192.0.2.143.

       doveadm auth test -x service=imap -x rip=192.0.2.143 john
       Password:
       passdb: john auth succeeded
       extra fields:
         user=john

REPORTING BUGS

       Report  bugs,  including  doveconf  -n  output,  to  the  Dovecot  Mailing  List   <dovecot@dovecot.org>.
       Information about reporting bugs is available at: http://dovecot.org/bugreport.html

SEE ALSO

       doveadm(1), doveadm-user(1), doveconf(1)

Dovecot v2.3                                       2014-10-19                                    DOVEADM-AUTH(1)