On 27.11.2012, at 9.37, Nikita Koshikov wrote:
Here is the problem: I have few: passdb { #1 } passdb { #2 } And relative userdb sections. If user not found in 1) section it fallbacks to next one - it's expected and right, IMHO. But when the user exists in both section and password verification fails on 1) database it successfully authenticated on next one. I think this behaviour should be configured. The main goal of 1) section for this server is to overwrite users in main (section2) database.
Thank's for the anwer. It's a pity to hear, because it's security feature I need to provide. The problem - that main passdb - is ldap and there are about - 5-7 people who can edit it and simply to login as different users. Yes, activity is logged - but mailbox can be read\stolen. The main goal for passwd-file database is to revrite ldap very critical mailboxes to local file. It can be edited only but 1 person - it is nativly to trust 1, but not to 7.
Try if a modified version of Alessio's suggestion works:
passdb { driver = passwd-file args = /etc/passwd.important } passdb { driver = passwd-file args = /etc/passwd.important deny = yes } passdb { driver = ldap }