On Wed, 2006-03-15 at 16:32 +0100, Jelmer Vernooij wrote:
On Wed, Mar 15, 2006 at 04:23:05PM +0100, S. Thias wrote:
is there a possibility to map login-names to allowed Kerberos-Principals? At the moment GSSAPI-authentication seems to work only if loginname and kerberos-principal are the same, or am I missing something? I'm afraid that at the moment, that's not (yet) possible.
I added now a pass=yes option to passdbs. This allows doing the conversion using eg.:
passdb passwd-file { args = /etc/imap.users pass = yes }
Where the imap.users file would contain entries like:
imapuser:::::::user=realuser
Or it could be done with SQL, LDAP or whatever.
Now if only the GSSAPI code could somehow be told to do these passdb lookups. :) Maybe it should do it always for pass=yes passdbs? I'm not really sure..