On Fri, 2008-10-17 at 19:04 +0200, Sascha Wilde wrote:
> The back end needs a special checkpassword program which follows the qmail semantics but additionally provides the user data without password verification when the environment variable AUTHORIZED is set.[1]
> I have done some code cleanup (mainly factoring out common code of the passdb and userdb back ends) and you can find the current version, alongside our acl-plugin enhancements, here:
> http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/
> Timo, what would be needed to get the new back end upstream?
Some small things:
- rename checkpassword-common.c to db-checkpassword.c so it's consistent with others.
- userdb checkpassword is a new dovecot-specific extension, so you can drop all vpopmail etc. exit code handlers. Just 3 needed: success, user doesn't exist and internal error (also being the default).
- a valid userdb checkpassword script shouldn't be a valid passdb checkpassword script to avoid accidents. I guess this could be done by:
  - Require userdb scripts to set USERDB environment.
  - checkpassword-reply checks if USERDB environment is set. If it is, return exit code 2 instead of 0.
  - userdb-checkpassword.c's success exit code is 2. exit code 0 would produce failure.
Hmm. Or perhaps instead of USERDB change the AUTHORIZED environment's value to something else.