On Tue, Nov 27, 2012 at 3:04 AM, Timo Sirainen <tss@iki.fi> wrote:
On 23.11.2012, at 9.46, Nikita Koshikov wrote:
Hello list,
Here is the problem: I have few: passdb { #1 } passdb { #2 } And relative userdb sections. If user not found in 1) section it fallbacks to next one - it's expected and right, IMHO. But when the user exists in both section and password verification fails on 1) database it successfully authenticated on next one. I think this behaviour should be configured. The main goal of 1) section for this server is to overwrite users in main (section2) database.
It's not always possible to know why #1 failed. For example PAM doesn't always tell if the password was wrong or if the user didn't exist.
Maybe I missed something and this option is already in dovecot code and I can't find it ? Or if not - will it be added in the future ?
I'm not very interested in adding it, especially because it can't be done reliably.
Thank's for the anwer. It's a pity to hear, because it's security feature I need to provide. The problem - that main passdb - is ldap and there are about - 5-7 people who can edit it and simply to login as different users. Yes, activity is logged - but mailbox can be read\stolen. The main goal for passwd-file database is to revrite ldap very critical mailboxes to local file. It can be edited only but 1 person - it is nativly to trust 1, but not to 7.