[Dovecot] Specify auth service for protocols

Timo Sirainen tss at iki.fi
Mon Sep 6 17:51:54 EEST 2010


On Mon, 2010-09-06 at 16:42 +0200, Lukas Garberg wrote:

> As these additions cannot be used in the SQL query for the auth service
> used by postfix (as users would be able to authenticate with any
> password) I have defined a second auth service (auth postfix { ... }) in
> dovecot.conf which is slightly different; it returns the password hash
> instead of NULL as password and skips the proxy and nopasswd part.

That won't work. It's pretty much random how it'll behave.

> This works fine on one server, but on the other one the auth services
> get mixed up and the service defined for postfix (missing password and
> proxy stuff) is used by the POP3 and IMAP services and vice versa, which
> breaks the proxying. I've been trying my best to find any difference
> between the configuration of the two machines, but without result. The
> configurations are simply copies of each other.

Yeah, it's not even supposed to work the way you want it to work.

> So, to finally arrive at my question: Is there any way to specify which
> authentication service is to be used by each protocol in dovecot.conf?

With v2.0 you can just put the wanted passdbs into protocol imap/smtp {}
sections. With v1.2 you can't do anything like that.

> Or is the solution instead to rewrite the passdb-query to take the
> service into account and return 'Y' AS proxy when the service is postfix
> and 'N' AS proxy when the service is POP3 or IMAP as I then would be
> able to use only one authentication backend?

Yes, that's the only working way with v1.2. Perhaps even something like:

select ..proxy.. where '%s' != 'smtp' and ..etc..
union all
select ..auth.. where '%s' = 'smtp' and ..etc..




More information about the dovecot mailing list