dovecot-2.0: example-config: Moved passdbs and userdbs to separa...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Mar 6 16:35:14 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/b1d5982ffd14
changeset: 10853:b1d5982ffd14
user: Timo Sirainen <tss at iki.fi>
date: Sat Mar 06 16:34:52 2010 +0200
description:
example-config: Moved passdbs and userdbs to separate auth-*.conf.ext files.
diffstat:
doc/example-config/conf.d/Makefile.am | 8 +
doc/example-config/conf.d/auth-checkpassword.conf.ext | 21 ++
doc/example-config/conf.d/auth-deny.conf.ext | 15 +
doc/example-config/conf.d/auth-ldap.conf.ext | 22 ++
doc/example-config/conf.d/auth-master.conf.ext | 16 ++
doc/example-config/conf.d/auth-passwdfile.conf.ext | 14 +
doc/example-config/conf.d/auth-sql.conf.ext | 22 ++
doc/example-config/conf.d/auth-system.conf.ext | 71 ++++++++
doc/example-config/conf.d/auth-vpopmail.conf.ext | 15 +
doc/example-config/conf.d/auth.conf | 190 +----------------------
10 files changed, 213 insertions(+), 181 deletions(-)
diffs (truncated from 454 to 300 lines):
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/Makefile.am
--- a/doc/example-config/conf.d/Makefile.am Sat Mar 06 14:28:32 2010 +0200
+++ b/doc/example-config/conf.d/Makefile.am Sat Mar 06 16:34:52 2010 +0200
@@ -3,6 +3,14 @@
exampledir = $(docdir)/example-config/conf.d
example_DATA = \
auth.conf \
+ auth-checkpassword.conf.ext \
+ auth-deny.conf.ext \
+ auth-ldap.conf.ext \
+ auth-master.conf.ext \
+ auth-passwdfile.conf.ext \
+ auth-sql.conf.ext \
+ auth-system.conf.ext \
+ auth-vpopmail.conf.ext \
imap.conf \
lda.conf \
lmtp.conf \
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-checkpassword.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-checkpassword.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,21 @@
+# Authentication for checkpassword users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.CheckPassword.txt>
+
+passdb {
+ driver = checkpassword
+ args = /usr/bin/checkpassword
+}
+
+# passdb lookup should return also userdb info
+userdb {
+ driver = prefetch
+}
+
+# Standard checkpassword doesn't support direct userdb lookups.
+# If you need checkpassword userdb, the checkpassword must support
+# Dovecot-specific extensions.
+#userdb {
+# driver = checkpassword
+# args = /usr/bin/checkpassword
+#}
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-deny.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-deny.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,15 @@
+# Deny access for users. Included from auth.conf.
+
+# Users can be (temporarily) disabled by adding a passdb with deny=yes.
+# If the user is found from that database, authentication will fail.
+# The deny passdb should always be specified before others, so it gets
+# checked first.
+
+# Example deny passdb using passwd-file. You can use any passdb though.
+passdb {
+ driver = passwd-file
+ deny = yes
+
+ # File contains a list of usernames, one per line
+ args = /etc/dovecot/deny-users
+}
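Review bot: The rule stated in this file's own comment, that the deny passdb "should always be specified before others", now depends on where auth.conf includes this file, and nothing here says so. A line such as `# Include this file before the other auth-*.conf.ext files so the deny passdb is checked first.` would make the ordering requirement explicit; the include lines themselves are in the truncated part of the diff, so the actual order cannot be confirmed here. The removed example in auth.conf was commented out and pointed at `/etc/dovecot.deny`, while this block is active and reads `/etc/dovecot/deny-users`. That path change is more than a move and deserves a mention in the commit description for sites that copied the old example.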
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-ldap.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-ldap.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,22 @@
+# Authentication for LDAP users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.LDAP.txt>
+
+passdb {
+ driver = ldap
+
+ # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+# "prefetch" user database means that the passdb already provided the
+# needed information and there's no need to do a separate userdb lookup.
+# <doc/wiki/UserDatabase.Prefetch.txt>
+#userdb {
+# driver = prefetch
+#}
+
+userdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
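Review bot: The file named in `args`, `/etc/dovecot/dovecot-ldap.conf.ext`, normally carries the directory bind credentials (its contents are not part of this diff), yet the example says nothing about protecting it. Consider a comment next to `args` such as `# This file may contain the LDAP bind password; keep it unreadable for other users (e.g. mode 0600).` The same applies to `/etc/dovecot/dovecot-sql.conf.ext` in auth-sql.conf.ext, which typically holds the database connect string.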
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-master.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-master.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,16 @@
+# Authentication for master users. Included from auth.conf.
+
+# By adding master=yes setting inside a passdb you make the passdb a list
+# of "master users", who can log in as anyone else.
+# <doc/wiki/Authentication.MasterUsers.txt>
+
+# Example master user passdb using passwd-file. You can use any passdb though.
+passdb {
+ driver = passwd-file
+ master = yes
+ args = /etc/dovecot/master-users
+
+ # Unless you're using PAM, you probably still want the destination user to
+ # be looked up from passdb that it really exists. pass=yes does that.
+ pass = yes
+}
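Review bot: This passdb block is active rather than commented out, so including the file turns on master-user login, and the example carries no caveat about how sensitive `/etc/dovecot/master-users` is. Since the comment itself says master users "can log in as anyone else", add something like `# Entries in this file can access every mailbox; keep it non-world-readable and list as few users as possible.` Whether auth.conf includes this file by default cannot be seen here because the auth.conf hunk is truncated; if it does, that include should be commented out so master login is opt-in.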
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-passwdfile.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-passwdfile.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,14 @@
+# Authentication for passwd-file users. Included from auth.conf.
+#
+# passwd-like file with specified location.
+# <doc/wiki/AuthDatabase.PasswdFile.txt>
+
+passdb {
+ driver = passwd-file
+ args = scheme=CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+ driver = passwd-file
+ args = username_format=%u /etc/dovecot/users
+}
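Review bot: `/etc/dovecot/users` is read by both the passdb and the userdb and holds the password hashes, but the example does not say how the file should be protected or what `scheme=CRYPT` implies. Add a comment above the passdb such as `# The file contains password hashes; make sure it is not world-readable.` It would also help to note that `scheme=CRYPT` is only the default for entries without an explicit scheme prefix, so admins know stronger hashes can be stored per entry.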
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-sql.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-sql.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,22 @@
+# Authentication for SQL users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.SQL.txt>
+
+passdb {
+ driver = sql
+
+ # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
+ args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+# "prefetch" user database means that the passdb already provided the
+# needed information and there's no need to do a separate userdb lookup.
+# <doc/wiki/UserDatabase.Prefetch.txt>
+#userdb {
+# driver = prefetch
+#}
+
+userdb {
+ driver = sql
+ args = /etc/dovecot/dovecot-sql.conf.ext
+}
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-system.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-system.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,71 @@
+# Authentication for system users. Included from auth.conf.
+#
+# <doc/wiki/PasswordDatabase.txt>
+# <doc/wiki/UserDatabase.txt>
+
+# PAM authentication. Preferred nowadays by most systems.
+# PAM is typically used with either userdb passwd or userdb static.
+# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
+# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
+passdb {
+ driver = pam
+ # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
+ # [cache_key=<key>] [<service name>]
+ #args = dovecot
+}
+
+# System users (NSS, /etc/passwd, or similiar).
+# In many systems nowadays this uses Name Service Switch, which is
+# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
+#passdb {
+ #driver = passwd
+ # [blocking=yes]
+ #args =
+#}
+
+# Shadow passwords for system users (NSS, /etc/shadow or similiar).
+# Deprecated by PAM nowadays.
+# <doc/wiki/PasswordDatabase.Shadow.txt>
+#passdb {
+ #driver = shadow
+ # [blocking=yes]
+ #args =
+#}
+
+# PAM-like authentication for OpenBSD.
+# <doc/wiki/PasswordDatabase.BSDAuth.txt>
+#passdb {
+ #driver = bsdauth
+ # [cache_key=<key>]
+ #args =
+#}
+
+##
+## User databases
+##
+
+# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
+# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
+userdb {
+ # <doc/wiki/AuthDatabase.Passwd.txt>
+ driver = passwd
+ # [blocking=no]
+ #args =
+}
+
+# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
+#userdb {
+ #driver = static
+ # Can return anything a userdb could normally return. For example:
+ #
+ # args = uid=500 gid=500 home=/var/mail/%u
+ #
+ # LDA and LMTP needs to look up users only from the userdb. This of course
+ # doesn't work with static userdb because there is no list of users.
+ # Normally static userdb handles this by doing a passdb lookup. This works
+ # with most passdbs, with PAM being the most notable exception. If you do
+ # the user verification another way, you can add allow_all_users=yes to
+ # the args in which case the passdb lookup is skipped.
+ #
+ #args =
+#}
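Review bot: The PAM block keeps the option list `[session=yes] [setcred=yes] ...` but drops the explanations that the removed auth.conf text carried, including the note that credentials established by `setcred=yes` "aren't ever deleted". Either keep a short form of those explanations under the option list or state that they live on the referenced wiki page, so an admin enabling `setcred=yes` still sees the caveat. Separately, "similiar" in the three comments about system users and shadow passwords should read "similar".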
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-vpopmail.conf.ext
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-vpopmail.conf.ext Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,15 @@
+# Authentication for vpopmail users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.VPopMail.txt>
+
+passdb {
+ driver = vpopmail
+
+ # [cache_key=<key>]
+ # [quota_template=<template>] - %q expands to Maildir++ quota
+ args = quota_template=quota_rule=*:backend=%q
+}
+
+userdb {
+ driver = vpopmail
+}
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth.conf
--- a/doc/example-config/conf.d/auth.conf Sat Mar 06 14:28:32 2010 +0200
+++ b/doc/example-config/conf.d/auth.conf Sat Mar 06 16:34:52 2010 +0200
@@ -91,7 +91,7 @@
auth_mechanisms = plain
##
-## Password databases
+## Password and user databases
##
#
@@ -102,187 +102,15 @@
#
# <doc/wiki/PasswordDatabase.txt>
#
-# By adding master=yes setting inside a passdb you make the passdb a list
-# of "master users", who can log in as anyone else. Unless you're using PAM,
-# you probably still want the destination user to be looked up from passdb
-# that it really exists. This can be done by adding pass=yes setting to the
-# master passdb. <doc/wiki/Authentication.MasterUsers.txt>
-
-# Users can be temporarily disabled by adding a passdb with deny=yes.
-# If the user is found from that database, authentication will fail.
-# The deny passdb should always be specified before others, so it gets
-# checked first. Here's an example:
-
-#passdb {
- #driver = passwd-file
- # File contains a list of usernames, one per line
- #args = /etc/dovecot.deny
- #deny = yes
-#}
-
-passdb {
- # PAM authentication. Preferred nowadays by most systems.
- # Note that PAM can only be used to verify if user's password is correct,
- # so it can't be used as userdb. If you don't want to use a separate user
- # database (passwd usually), you can use static userdb.
- # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
- # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
- driver = pam
- # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
- # [cache_key=<key>] [<service name>]
- #
- # session=yes makes Dovecot open and immediately close PAM session. Some
- # PAM plugins need this to work, such as pam_mkhomedir.
- #
- # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
- # need that. They aren't ever deleted though, so this isn't enabled by
- # default.
- #
- # max_requests specifies how many PAM lookups to do in one process before
- # recreating the process. The default is 100, because many PAM plugins