Hi Kirill,
Thanks for your reply. Such a simple flat file approach would be perfect, and I don't mind at all to require app specific usernames *and* passwords.
However, I am unsure how to combine your recipe below with our regular AD userdb/passdb.
Perhaps someone can give me some pointers in that direction?
MJ
On 07/20/2017 06:50 PM, Kirill Miazine wrote:
I'm not familiar with samba AD and with it's features and limitation. For my simple system I'm using plain files for passdb and userdb (aka. passwd-file). Application (or rather device) specific passwords are implementing by using having an additional "username" with a specific password for a particular application or device. E.g. some entries for myself:
bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240MThe files are generated automatically from a Single Source of Truth.
In my case I'm selecting the username myself, but there's nothing preventing you from generating a username/password combination for your users.
Note that in my setup users will have application specific username and password, not only application specific password. It was easier to implement it quickly this way.
Greetz Kirill