Hi,
I'm writing to you on behalf of the Pasteur Institute's (Paris, France) IT team. We're currently using dovecot-0.99.10.5_2 on FreeBSD 5.3. We're planning to upgrade to dovecot-1.x with an openLDAP user and password database and to patch it at the same time to include some authentication features we're using:
Since most of our users currently don't use dovecot at all and still authenticate on a DEC Alpha running OSF1 [digital unix] V5.1 732, an authentication profile is maintained for each of them on the system. This user profile is kept in the protected password database, accessible only to trusted programs acting on behalf of the trusted computing base (TCB).
Some TCB fields are useful to us, so we're planning to use their LDAP attribute equivalents, and we wrote a custom LDAP schema that includes those which were missing from the standard openLDAP distribution [see details below].
So we're planning (in fact, we are about to) patch dovecot-1.x in order to take those LDAP attributes (matching the TCB fields of interest to us) into account. To do so, we wrote some documentation (still in a draft state) to extend our understanding of the dovecot architecture and authentication process.
Of course, we're going to give it (patch + doc) back to you and make it freely available. But we'd like to know if you:
- were already working on such a patch or planning to do so
- were interested, once done (by us or by you), in including it in the official release, since it could interest other people who run digital unix with TCB authentication
Thanks
-- Thomas Hummel | Institut Pasteur, Paris, France <hummel@pasteur.fr> | Pôle informatique - systèmes et réseau
Here are some details about which attributes we're planning to use and their TCB equivalents:
uidNumber ~ u_id
uid ~ u_name
userPassword ~ u_pwd
shadowLastChange ~ u_succhg
shadowExpire ~ u_expdate
shadowMax ~ u_life
shadowWarning ~ u_exp [ shadowWarning = u_life - u_exp ]
plus the ones we wrote:
maxTries ~ u_maxtries
[ maximum number of consecutive unsuccessful login attempts to the account that are permitted until the account is disabled ]
numUnsucLog ~ u_numunsuclog
[ number of unsuccessful login attempts to the account. It is reset when a successful login to the account occurs. ]
Lock ~ u_lock
[ A boolean indicating if the account is locked ]
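An in-memory model of the lockout and expiry policy the attribute mapping above describes, written as an added example (not code from this mail, the poster's patch, or Dovecot). It assumes standard shadow semantics (shadowLastChange, shadowMax and shadowExpire as day counts since the epoch), treats maxTries = 0 as "no limit", and uses a constructed dict in place of a live LDAP entry.

```python
from dataclasses import dataclass
from typing import Dict, List

# Added example: models the TCB-style policy behind the LDAP attributes listed
# in the mail. Assumes shadow day-count semantics and that the directory
# serialises counter updates; a real deployment would modify the entry via LDAP.

@dataclass
class Decision:
    allowed: bool
    reason: str

def sample_entry() -> Dict[str, object]:
    """Constructed sample entry (not real directory data)."""
    return {"uid": "alice", "maxTries": 3, "numUnsucLog": 0, "Lock": False,
            "shadowLastChange": 19000, "shadowMax": 90, "shadowExpire": 20000}

def check_login(entry: Dict[str, object], password_ok: bool, today: int) -> Decision:
    """Evaluate one login attempt and update the lockout counters in place."""
    # Lock (u_lock): set by an admin or by an earlier lockout; refuses everything.
    if entry.get("Lock"):
        return Decision(False, "account locked")
    # shadowExpire (u_expdate): the account itself is no longer valid.
    expire = entry.get("shadowExpire")
    if expire is not None and today >= int(expire):
        return Decision(False, "account expired")
    # shadowLastChange + shadowMax (u_succhg + u_life): password too old.
    last, life = entry.get("shadowLastChange"), entry.get("shadowMax")
    if last is not None and life is not None and today > int(last) + int(life):
        return Decision(False, "password expired")
    # numUnsucLog (u_numunsuclog) counts consecutive failures; reaching
    # maxTries (u_maxtries) disables the account (0 = no limit, an assumption).
    if not password_ok:
        entry["numUnsucLog"] = int(entry.get("numUnsucLog", 0)) + 1
        max_tries = int(entry.get("maxTries", 0))
        if max_tries and entry["numUnsucLog"] >= max_tries:
            entry["Lock"] = True
            return Decision(False, "too many failures, account locked")
        return Decision(False, "bad password")
    entry["numUnsucLog"] = 0          # a successful login resets the counter
    return Decision(True, "ok")

def simulate(attempts: List[bool], today: int = 19050) -> List[str]:
    """Run a sequence of attempts (True = correct password) on a fresh entry."""
    entry = sample_entry()
    return [check_login(entry, ok, today).reason for ok in attempts]

if __name__ == "__main__":
    print(simulate([False, False, False, True]))
```

Note that the correct password on the fourth attempt is still refused once Lock has been set, which is the behaviour an administrator has to clear by hand.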