dovecot-2.0: example-config: Moved passdbs and userdbs to separa...

dovecot at dovecot.org dovecot at dovecot.org
Sat Mar 6 16:35:14 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/b1d5982ffd14
changeset: 10853:b1d5982ffd14
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Mar 06 16:34:52 2010 +0200
description:
example-config: Moved passdbs and userdbs to separate auth-*.conf.ext files.

diffstat:

 doc/example-config/conf.d/Makefile.am                 |    8 +
 doc/example-config/conf.d/auth-checkpassword.conf.ext |   21 ++
 doc/example-config/conf.d/auth-deny.conf.ext          |   15 +
 doc/example-config/conf.d/auth-ldap.conf.ext          |   22 ++
 doc/example-config/conf.d/auth-master.conf.ext        |   16 ++
 doc/example-config/conf.d/auth-passwdfile.conf.ext    |   14 +
 doc/example-config/conf.d/auth-sql.conf.ext           |   22 ++
 doc/example-config/conf.d/auth-system.conf.ext        |   71 ++++++++
 doc/example-config/conf.d/auth-vpopmail.conf.ext      |   15 +
 doc/example-config/conf.d/auth.conf                   |  190 +----------------------
 10 files changed, 213 insertions(+), 181 deletions(-)

diffs (truncated from 454 to 300 lines):

diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/Makefile.am
--- a/doc/example-config/conf.d/Makefile.am	Sat Mar 06 14:28:32 2010 +0200
+++ b/doc/example-config/conf.d/Makefile.am	Sat Mar 06 16:34:52 2010 +0200
@@ -3,6 +3,14 @@
 exampledir = $(docdir)/example-config/conf.d
 example_DATA = \
 	auth.conf \
+	auth-checkpassword.conf.ext \
+	auth-deny.conf.ext \
+	auth-ldap.conf.ext \
+	auth-master.conf.ext \
+	auth-passwdfile.conf.ext \
+	auth-sql.conf.ext \
+	auth-system.conf.ext \
+	auth-vpopmail.conf.ext \
 	imap.conf \
 	lda.conf \
 	lmtp.conf \
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-checkpassword.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-checkpassword.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,21 @@
+# Authentication for checkpassword users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.CheckPassword.txt>
+
+passdb {
+  driver = checkpassword
+  args = /usr/bin/checkpassword
+}
+
+# passdb lookup should return also userdb info
+userdb {
+  driver = prefetch
+}
+
+# Standard checkpassword doesn't support direct userdb lookups.
+# If you need checkpassword userdb, the checkpassword must support
+# Dovecot-specific extensions.
+#userdb {
+#  driver = checkpassword
+#  args = /usr/bin/checkpassword
+#}
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-deny.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-deny.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,15 @@
+# Deny access for users. Included from auth.conf.
+
+# Users can be (temporarily) disabled by adding a passdb with deny=yes.
+# If the user is found from that database, authentication will fail.
+# The deny passdb should always be specified before others, so it gets
+# checked first.
+
+# Example deny passdb using passwd-file. You can use any passdb though.
+passdb {
+  driver = passwd-file
+  deny = yes
+
+  # File contains a list of usernames, one per line
+  args = /etc/dovecot/deny-users
+}
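Review bot: The deny list path is now `/etc/dovecot/deny-users`, while the example removed from auth.conf in this same commit used `/etc/dovecot.deny`, and nothing in the new file mentions the change. An admin who adopts the new file on an existing setup could keep maintaining the old list while the deny passdb reads a different file. Separately, the comment says the deny passdb must be specified before the others, but after the split that depends on the include order in auth.conf, which is not visible in this truncated diff. A line such as `# Include this file before any other auth-*.conf.ext` would state the requirement where it now applies.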
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-ldap.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-ldap.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,22 @@
+# Authentication for LDAP users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.LDAP.txt>
+
+passdb {
+  driver = ldap
+
+  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
+  args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+# "prefetch" user database means that the passdb already provided the
+# needed information and there's no need to do a separate userdb lookup.
+# <doc/wiki/UserDatabase.Prefetch.txt>
+#userdb {
+#  driver = prefetch
+#}
+
+userdb {
+  driver = ldap
+  args = /etc/dovecot/dovecot-ldap.conf.ext
+}
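Review bot: Neither `args = /etc/dovecot/dovecot-ldap.conf.ext` here nor `args = /etc/dovecot/dovecot-sql.conf.ext` in auth-sql.conf.ext says that the referenced file normally holds the directory bind password or the database connect credentials. A comment beside the existing path comment would cover it, e.g. `# This file usually contains the bind password; keep it readable only by the auth process user`. In both files the commented-out `prefetch` userdb sits above the real userdb without saying the order matters. If someone enables it, it should stay listed before the ldap/sql userdb so the latter remains the fallback, and the comment could say so.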
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-master.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-master.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,16 @@
+# Authentication for master users. Included from auth.conf.
+
+# By adding master=yes setting inside a passdb you make the passdb a list
+# of "master users", who can log in as anyone else.
+# <doc/wiki/Authentication.MasterUsers.txt>
+
+# Example master user passdb using passwd-file. You can use any passdb though.
+passdb {
+  driver = passwd-file
+  master = yes
+  args = /etc/dovecot/master-users
+
+  # Unless you're using PAM, you probably still want the destination user to
+  # be looked up from passdb that it really exists. pass=yes does that.
+  pass = yes
+}
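Review bot: The `passdb` block with `master = yes` is active rather than commented out, and the file says nothing about protecting `/etc/dovecot/master-users`, even though the header states these users "can log in as anyone else". I would add a comment above `args`, e.g. `# Every entry here can open any user's mailbox; keep the file readable only by the auth process user`. Whether auth.conf includes this file by default is not visible in the truncated diff. If the include is enabled there, shipping this block commented out would be the safer example.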
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-passwdfile.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-passwdfile.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,14 @@
+# Authentication for passwd-file users. Included from auth.conf.
+#
+# passwd-like file with specified location.
+# <doc/wiki/AuthDatabase.PasswdFile.txt>
+
+passdb {
+  driver = passwd-file
+  args = scheme=CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+  driver = passwd-file
+  args = username_format=%u /etc/dovecot/users
+}
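Review bot: `scheme=CRYPT` in the passdb `args` is given without explanation, so a reader may take it as the recommended hash format. In Dovecot this argument is only the default for entries that carry no `{SCHEME}` prefix, and CRYPT defers to the system crypt(), which on some platforms still means traditional DES. A comment such as `# scheme= is the default for entries without a {SCHEME} prefix; prefer a salted scheme your platform supports` would make that clear. The same `/etc/dovecot/users` path serves both passdb and userdb, so a note that it holds password hashes and should not be world-readable would also help.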
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-sql.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-sql.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,22 @@
+# Authentication for SQL users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.SQL.txt>
+
+passdb {
+  driver = sql
+
+  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+# "prefetch" user database means that the passdb already provided the
+# needed information and there's no need to do a separate userdb lookup.
+# <doc/wiki/UserDatabase.Prefetch.txt>
+#userdb {
+#  driver = prefetch
+#}
+
+userdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-system.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-system.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,71 @@
+# Authentication for system users. Included from auth.conf.
+#
+# <doc/wiki/PasswordDatabase.txt>
+# <doc/wiki/UserDatabase.txt>
+
+# PAM authentication. Preferred nowadays by most systems.
+# PAM is typically used with either userdb passwd or userdb static.
+# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
+# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
+passdb {
+  driver = pam
+  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
+  # [cache_key=<key>] [<service name>]
+  #args = dovecot
+}
+
+# System users (NSS, /etc/passwd, or similiar).
+# In many systems nowadays this uses Name Service Switch, which is
+# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
+#passdb {
+  #driver = passwd
+  # [blocking=yes]
+  #args = 
+#}
+
+# Shadow passwords for system users (NSS, /etc/shadow or similiar).
+# Deprecated by PAM nowadays.
+# <doc/wiki/PasswordDatabase.Shadow.txt>
+#passdb {
+  #driver = shadow
+  # [blocking=yes]
+  #args = 
+#}
+
+# PAM-like authentication for OpenBSD.
+# <doc/wiki/PasswordDatabase.BSDAuth.txt>
+#passdb {
+  #driver = bsdauth
+  # [cache_key=<key>]
+  #args =
+#}
+
+##
+## User databases
+##
+
+# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
+# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
+userdb {
+  # <doc/wiki/AuthDatabase.Passwd.txt>
+  driver = passwd
+  # [blocking=no]
+  #args = 
+}
+
+# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
+#userdb {
+  #driver = static
+  # Can return anything a userdb could normally return. For example:
+  #
+  #  args = uid=500 gid=500 home=/var/mail/%u
+  #
+  # LDA and LMTP needs to look up users only from the userdb. This of course
+  # doesn't work with static userdb because there is no list of users.
+  # Normally static userdb handles this by doing a passdb lookup. This works
+  # with most passdbs, with PAM being the most notable exception. If you do
+  # the user verification another way, you can add allow_all_users=yes to
+  # the args in which case the passdb lookup is skipped.
+  #
+  #args =
+#}
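Review bot: The PAM `passdb` keeps only the bracketed option list (`[session=yes] [setcred=yes] ...`) and drops the per-option explanations that this commit removes from auth.conf. As far as the visible part of the removed text shows, that includes the caveat that credentials established with `setcred=yes` "aren't ever deleted". The old statement that PAM can only verify a password and cannot act as a userdb is also replaced by the weaker "typically used with either userdb passwd or userdb static". I would either carry the short explanations over or add a pointer under the option list, e.g. `# See <doc/wiki/PasswordDatabase.PAM.txt> for each option; credentials set by setcred=yes are never deleted`.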
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth-vpopmail.conf.ext
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/auth-vpopmail.conf.ext	Sat Mar 06 16:34:52 2010 +0200
@@ -0,0 +1,15 @@
+# Authentication for vpopmail users. Included from auth.conf.
+#
+# <doc/wiki/AuthDatabase.VPopMail.txt>
+
+passdb {
+  driver = vpopmail
+
+  # [cache_key=<key>]
+  # [quota_template=<template>] - %q expands to Maildir++ quota
+  args = quota_template=quota_rule=*:backend=%q
+}
+
+userdb {
+  driver = vpopmail
+}
diff -r f7755658257d -r b1d5982ffd14 doc/example-config/conf.d/auth.conf
--- a/doc/example-config/conf.d/auth.conf	Sat Mar 06 14:28:32 2010 +0200
+++ b/doc/example-config/conf.d/auth.conf	Sat Mar 06 16:34:52 2010 +0200
@@ -91,7 +91,7 @@
 auth_mechanisms = plain
 
 ##
-## Password databases
+## Password and user databases
 ##
 
 #
@@ -102,187 +102,15 @@
 #
 # <doc/wiki/PasswordDatabase.txt>
 #
-# By adding master=yes setting inside a passdb you make the passdb a list
-# of "master users", who can log in as anyone else. Unless you're using PAM,
-# you probably still want the destination user to be looked up from passdb
-# that it really exists. This can be done by adding pass=yes setting to the
-# master passdb. <doc/wiki/Authentication.MasterUsers.txt>
-
-# Users can be temporarily disabled by adding a passdb with deny=yes.
-# If the user is found from that database, authentication will fail.
-# The deny passdb should always be specified before others, so it gets
-# checked first. Here's an example:
-
-#passdb {
-  #driver = passwd-file
-  # File contains a list of usernames, one per line
-  #args = /etc/dovecot.deny
-  #deny = yes
-#}
-
-passdb {
-  # PAM authentication. Preferred nowadays by most systems. 
-  # Note that PAM can only be used to verify if user's password is correct,
-  # so it can't be used as userdb. If you don't want to use a separate user
-  # database (passwd usually), you can use static userdb.
-  # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
-  # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
-  driver = pam
-  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
-  # [cache_key=<key>] [<service name>]
-  #
-  # session=yes makes Dovecot open and immediately close PAM session. Some
-  # PAM plugins need this to work, such as pam_mkhomedir.
-  #
-  # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
-  # need that. They aren't ever deleted though, so this isn't enabled by
-  # default.
-  #
-  # max_requests specifies how many PAM lookups to do in one process before
-  # recreating the process. The default is 100, because many PAM plugins

