On Monday 02 Apr 2007, Timo Sirainen wrote:
Yep. And nss_dovecot, libsasl.so compatible replacement for Cyrus SASL, etc. :)
I'm not really interested in learning PAM/NSS internals though. I'm willing to help anyone who wants to implement them though.
Would you be interested in including with dovecot a binary that does authentication using the dovecot socket?
Something that:
- takes username/password on two lines on STDIN
- exits with a status code to indicate success/failure
- (+ logs to syslog, and has a short delay on failure to prevent abuse).
Such a binary could then be used out-of-the-box by all kinds of programs using the glue that already exists. e.g. For Apache there are various modules that can run external binaries to get the decision. Indeed, such a binary as I apply above would work unmodified with mod_auth_shadow (as it uses precisely the protocol I describe above).
David
-- "For I am not ashamed of the gospel of Christ: for it is the power of God unto salvation to every one that believes; to the Jew first, and also to the Greek." - Romans 1:16