Authentication type for lan and haproxy (internet)
Kees van Vloten
keesvanvloten at gmail.com
Fri Apr 29 14:08:39 UTC 2022
Hi Team,
Would it be possible to setup a different authentication method
depending on the connection source?
I would like to use oauth2 (with mfa) for connections from internet via
haproxy, whereas on the lan I run samba-dc and hence AD (krb5) is the
method to use.
The latter is already setup and works fine, now I want to add oauth2 for
haproxy connections (or outside lan ip-range).
Here's the relevant bit of "dovecot -n":
auth_default_realm = EXAMPLE.COM
auth_gssapi_hostname = mailserver.example.com
auth_krb5_keytab = /etc/keytab/dovecot.keytab
auth_master_user_separator = *
auth_mechanisms = gssapi gss-spnego plain
auth_realms = EXAMPLE.COM
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
pass = yes
}
passdb {
driver = pam
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
- Kees.
More information about the dovecot
mailing list