From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 11 Sep 2025 08:02:40 +0000 (+0300)
Subject: lib-auth, auth: Include auth_allow_weak_schemes setting in related log messages
X-Git-Tag: 2.4.2~420
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fc94fa218ec240c308d5682a477f762d1eff020;p=thirdparty%2Fdovecot%2Fcore.git

lib-auth, auth: Include auth_allow_weak_schemes setting in related log messages

Makes it easier to understand how to change the behavior.
---

diff --git a/src/auth/main.c b/src/auth/main.c
index 8a867333fd..c3b01becad 100644
--- a/src/auth/main.c
+++ b/src/auth/main.c
@@ -241,7 +241,8 @@ static void main_init(void)
 		/* caching is handled only by the main auth process */
 		passdb_cache_init(global_auth_settings);
 		if (global_auth_settings->allow_weak_schemes)
-			i_warning("Weak password schemes are allowed");
+			i_warning("Weak password schemes are allowed "
+				  "(auth_allow_weak_schemes=yes)");
 	}
 }
 
diff --git a/src/lib-auth/password-scheme.c b/src/lib-auth/password-scheme.c
index 40a0ebb5d7..796feac702 100644
--- a/src/lib-auth/password-scheme.c
+++ b/src/lib-auth/password-scheme.c
@@ -92,7 +92,8 @@ int password_verify(const char *plaintext,
 	}
 
 	if (s->weak && !g_allow_weak) {
-		*error_r = t_strdup_printf("Weak password scheme '%s' used and refused",
+		*error_r = t_strdup_printf("Weak password scheme '%s' used and refused "
+					   "(Set auth_allow_weak_schemes=yes to allow)",
 					   s->name);
 		return -1;
 	}