Dear Dovecote devotees,
I have been going through dovecot configuration for the first time. I am not an experienced systems administrator so I had to do a left turn to read up about PAM while doing all the configuration for my new webmail service.
I found that the writing in the dovecot documentation about PAM to be rather misleading in at least one aspect. The documentation I am specifically referring to is at http://wiki.dovecot.org/Authentication?highlight=%28authentication%29 and in the comments found in the dovecot.conf file. In this documentation PAM is referred to as a password database. It appears that is not correct, rather PAM is something that uses a password database.
Since the default for "auth_passdb" given in dovecot.conf was "pam" I spent sometime trying to find a pam password database. I eventually found out at an independent website that what pam uses is either /etc/passwd or /etc/shadow or /etc/samba/smbpasswd. It was a relief to find out pam uses one of these, since my system has one of them (/etc/shadow), but I was looking to find something quite different for pam since /etc/shadow is one of the listed alternative values for "auth_passdb".
I would have been spared a somewhat lengthy search to find out this information if the documentation was written rather more clearly. So, to help others, I suggest changing the following lines in dovecot.conf
# Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() # pam [<service> | *]: PAM authentication
to:
# Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() # pam [<service> | *]: /etc/shadow or similiar, using PAM authentication
Updating the documentation in http://wiki.dovecot.org/Authentication?highlight=%28authentication%29 to include a phrase that mentions that PAM authentication works from one of the standard password databases (i.e. /etc/passwd, /etc/shadow or /etc/samba/smbpasswd) would also be helpful.
yours sincerely,
Rolf