[Dovecot] IP based virtual users: stripping login domain?

Alan Ferrency alan at pair.com
Fri Sep 14 19:33:13 EEST 2007


Hello.

I have a likely unusual request regarding IP based virtual
dovecot users.

When you specify a passdb passwd-file name containing "%d", then the
domain portion is stripped from the login username, before the user is
checked in the passwd-file. However, if you specify a passwd-file name
containing "%l" (the local IP), the domain portion of the login is not
stripped off before the username is checked in the passwd-file.

This behavior makes sense, and should be considered the right and proper
thing to do. But in this case, I want to do something different anyway.

In the setup I'm working on, most logins will use domain based virtual
usernames. However, if a customer logs in with an unknown domain in
their login username, I'd like to fall back to IP-based virtualization,
based on the local IP they connect to.

I can't use auth_username_format to strip off %d, because that would
break the domain based virtualization. What I need is an option to make
%l work the way %d already works; or a format inside a passwd-file which
allows for partial matches in the "username" column.


If I can do this directly using a passwd-file, I'd like to do that. It
seems like it'd be easy if I were using an SQL back end, but that's not
an option. It's possible with an external authentication script, but I
want to explore more direct configuration options, first.

Does anyone have any recommendations? If what I want can't already be
done, and I patched dovecot to do one of these things, how likely
would it be to have that patch merged into the project?

Thanks,
Alan Ferrency
pair Networks, Inc.
alan at pair.com






More information about the dovecot mailing list