Mapping usernames used for authentication to UNIX usernames

John Stoffel john at stoffel.org
Thu Jun 17 00:53:52 EEST 2021


Frank> I'm looking for some advice or pointers how to best solve a
Frank> small problem that I have. I have no doubt that this can be
Frank> done in dovecot, but I'm struggling to find the easiest way to
Frank> implement it.

Frank> First of all, what I have:
Frank> I have a relatively small dovecot setup for a dozen domains, and about 50 
Frank> users in total. All users use IMAP to retrieve mail, and SMTP submission 
Frank> protocol to submit email.

Frank> Because of the small size, every user has its own UNIX account,
Frank> authentication is done using PAM and mail is stored in a
Frank> Maildir folder in their home directory.  Works perfectly!

Do these users ever log in and use their Unix account?  Or do they only
access the system via IMAP to read email?  If this, then I would
completely move away from local accounts and unix home dirs and just
use virtual users instead.  Then you log in with your email address and
password to get mail.  Much simpler!

Frank> There is one minor inconvenience. When a new mail client is
Frank> configured, users (often guided by the auto config generator of
Frank> the mail client) tend to use their email address as the
Frank> username to authenticate instead of their UNIX account name,
Frank> which fails of course.

Frank> Would it be possible to configure something that will map an
Frank> email address to the UNIX account name and use the account name
Frank> for authentication and obtaining the related information (uid,
Frank> gid, home dir)?

Frank> I do have two concerns:

Frank> 1) I do not want to break existing mail configurations, so 
Frank> authentication with the UNIX username should still be possible.

I think you can have multiple usernames pointing to the same backend
account, so moving to virtual users would be even simpler.

Frank> 2)  I cannot do a simple reg. exp for the translation because
Frank> every email domain has e.g. an info at domain.com mailbox, and I
Frank> do not want them all to go to UNIX user "info".

Even if you do offer Unix logins, I would still separate the user
email logins from the Unix logins.  Just having all email access
happen via IMAP makes things simpler.  And if they want to read email
from their unix account, a text-based IMAP tool like mutt should be
good enough.

John
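
Added example, not part of the original message and not Dovecot's own code: a sketch of the mapping rule discussed in the thread, where full addresses resolve through an explicit table, bare UNIX usernames keep working, and nothing is derived by stripping the domain. The addresses, account names and function names are constructed for illustration, and case-insensitive logins are an assumption.

```python
from collections import defaultdict

# Constructed sample data: full address -> UNIX account (hypothetical names).
ALIASES = {
    "info@example.com": "frank",
    "info@example.org": "alice",
    "frank@example.com": "frank",
    "alice@example.org": "alice",
}
UNIX_USERS = {"frank", "alice", "info"}


def resolve_login(login, aliases=ALIASES, unix_users=UNIX_USERS):
    """Return the UNIX account to authenticate as, or None to reject."""
    login = login.strip().lower()  # assumption: logins are case-insensitive
    if "@" in login:
        # Full-address lookup only; never fall back to the local part,
        # otherwise info@<any domain> would land on UNIX user "info".
        return aliases.get(login)
    # Existing clients keep working with the bare UNIX username.
    return login if login in unix_users else None


def ambiguous_local_parts(aliases=ALIASES):
    """Local parts that a strip-the-domain rule would merge onto one name
    although the table sends them to different accounts."""
    targets = defaultdict(set)
    for address, account in aliases.items():
        targets[address.split("@", 1)[0]].add(account)
    return {lp: sorted(accts) for lp, accts in targets.items() if len(accts) > 1}


if __name__ == "__main__":
    for attempt in ("INFO@example.org", "frank", "info@unknown.test"):
        print(attempt, "->", resolve_login(attempt))
    print(ambiguous_local_parts())
```

Running `ambiguous_local_parts()` over the real alias table before deploying any rewrite rule shows which mailboxes a domain-stripping pattern would send to the wrong account.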



