Why do I get Configured passdbs don't support credentials lookups from dovecot

Question

I am trying to add authentication to Postfix on my Debian 4.9.65-3+deb9u1 server.

The first stage of this is to get authentication working with dovecot, apparently.

If I run the command:

# doveadm -D auth lookup staging
Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)
Debug: user staging: Auth PASS lookup returned temporary failure: reason=Configured passdbs don't support credentials lookups
Debug: auth PASS input: reason=Configured passdbs don't support credentials lookups
Error: passdb lookup failed for staging: Configured passdbs don't support credentials lookups

As you can see, lookup fails. I can confirm there is a user staging on the server, and I can send and receive email for that user using Rainloop webmail.

# dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-4-amd64 x86_64 Debian 9.3 
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
}
ssl = no
userdb {
  driver = passwd
}

Not sure what I'm doing wrong here?

Answer 1

passdb {
  driver = pam
}

This "database" will never reveal the user's password to dovecot, whether as plaintext or hash. The Pluggable Authentication Module library can only be used to verify the correctness of a given plaintext password. So you can do:

doveadm -D auth test staging

That should be enough for all practical purposes. However, if you are curious which databases support password lookups, you can check Dovecot's documentation.