4 Jan
2013
4 Jan
'13
1:59 a.m.
On 31.12.2012, at 2.26, Ben Morrow ben@morrow.me.uk wrote:
I've been wondering for a while about patching Dovecot to support its own krb5 ACL file under the Dovecot directory, not least because it would be useful to be able to give a principal IMAP access without necessarily giving it shell access, but it's not entirely straightforward since currently Dovecot verifies the Kerberos creds before it even tries to look up the user in the userdb.
I'm not entirely sure what it would need to do, but I'm pretty sure that code belongs to passdb. mech-gssapi.c already does a passdb lookup, and it could be moved to be done earlier if wanted.