jammy (1) doveadm-auth.1.gz

Provided by: dovecot-core_2.3.16+dfsg1-3ubuntu2.4_amd64 bug

NAME
       doveadm-auth - Flush/lookup/test authentication data


SYNOPSIS
       doveadm [-Dv] [-f formatter] auth command [OPTIONS] [ARGUMENTS]


DESCRIPTION
       The doveadm  auth COMMANDS can be used to perform various authentication related actions.


OPTIONS
       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -f formatter
              Specifies the formatter for formatting the output.  Supported formatters are:

              flow   prints each line with key=value pairs.

              pager  prints  each key: value pair on its own line and separates records with form feed character
                     (^L).

              tab    prints a table header followed by tab separated value lines.

              table  prints a table header followed by adjusted value lines.

       -o setting=value
              Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the  userdb  with  the
              given  value.   In  order  to  override multiple settings, the -o option may be specified multiple
              times.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -x auth_info
              auth_info specifies additional conditions for  the  auth  lookup  and  auth  test  commands.   The
              auth_info option string has to be given as name=value pair.  For multiple conditions the -x option
              could be supplied multiple times.
              All the given fields are forwarded to the auth process without checking for  their  validity.  The
              important names for the auth_info are:

              service
                     The  service  for  which  the authentication lookup should be tested.  The value may be the
                     name of a service, commonly used with Dovecot.  For example: imap, pop3 or smtp.

              lip    The local IP address (server) for the test.

              rip    The remote IP address (client) for the test.

              lport  The local port, e.g. 143

              rport  The remote port, e.g. 24567

              real_lip
                     The "real" local IP address (server) for the  test.  This  is  intended  to  be  the  local
                     server's IP, while "lip" contains the connecting proxy server's local IP.

              real_rip
                     The  "real"  remote IP address (client) for the test. This is intended to be the connecting
                     proxy server's IP address, while "rip" contains the original client's IP.

              real_lport
                     The "real" local port for proxied connections.

              real_rport
                     The "real" remote port for proxied connections.

              local_name
                     Provide the client TLS connection's SNI name.

              client_id
                     IMAP client ID string.

              session
                     Session ID string, mainly for logging purposes.


ARGUMENTS
       user   The user's login name.  Depending on the configuration, the login name may be for example jane  or
              john@example.com.

       password
              Optionally the user's password.  doveadm(1) will prompt for the password, if none was given.


COMMANDS
   auth cache flush
       doveadm auth cache flush [-a master_socket_path] [user ...]

       Flush  the  authentication  cache.   By default the cache is flushed for all the users (which can also be
       done by sending SIGHUP to the auth process).  You can also flush the cache  for  one  or  more  users  by
       providing their usernames.

       -a master_socket_path
              This option is used to specify an absolute path to an alternative UNIX domain socket.

              By  default doveadm(1) will use the socket /run/dovecot/auth-master.  The socket may be located in
              another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

   auth lookup
       doveadm auth lookup [-a userdb_socket_path] [-x auth_info] [-f field] user [...]

       Similar to doveadm-user(1) command, except it performs a passdb lookup (without  authentication)  instead
       of a userdb lookup.

       -a userdb_socket_path
              This option is used to specify an absolute path to an alternative UNIX domain socket.

              By  default doveadm(1) will use the socket /run/dovecot/auth-userdb.  The socket may be located in
              another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

       -f field
              When this option and the name of a userdb field is given, doveadm(1) will show only the  value  of
              the specified field.

   auth test
       doveadm auth test [-a auth_socket_path] [-x auth_info] user [password]

       Test authentication for the given user.

       -a auth_socket_path
              This option is used to specify an absolute path to an alternative UNIX domain socket.

              By  default doveadm(1) will use the socket /run/dovecot/auth-client.  The socket may be located in
              another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.


EXAMPLE
       This example demonstrates an imap authentication test for user john, assuming the user is connected  from
       the host with the IP address 192.0.2.143.

       doveadm auth test -x service=imap -x rip=192.0.2.143 john
       Password:
       passdb: john auth succeeded
       extra fields:
         user=john


REPORTING BUGS
       Report   bugs,  including  doveconf  -n  output,  to  the  Dovecot  Mailing  List  <dovecot@dovecot.org>.
       Information about reporting bugs is available at: http://dovecot.org/bugreport.html


SEE ALSO
       doveadm(1), doveadm-user(1), doveconf(1)