president@irithm.com wrote:
Dear Dovecote devotees,
I have been going through dovecot configuration for the first time. I am not an experienced systems administrator so I had to do a left turn to read up about PAM while doing all the configuration for my new webmail service.
I found that the writing in the dovecot documentation about PAM to be rather misleading in at least one aspect. The documentation I am specifically referring to is at http://wiki.dovecot.org/Authentication?highlight=%28authentication%29 and in the comments found in the dovecot.conf file. In this documentation PAM is referred to as a password database. It appears that is not correct, rather PAM is something that uses a password database.
Since the default for "auth_passdb" given in dovecot.conf was "pam" I spent sometime trying to find a pam password database. I eventually found out at an independent website that what pam uses is either /etc/passwd or /etc/shadow or /etc/samba/smbpasswd. It was a relief to find out pam uses one of these, since my system has one of them (/etc/shadow), but I was looking to find something quite different for pam since /etc/shadow is one of the listed alternative values for "auth_passdb".
I would have been spared a somewhat lengthy search to find out this information if the documentation was written rather more clearly. So, to help others, I suggest changing the following lines in dovecot.conf
# Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() # pam [<service> | *]: PAM authentication
to:
# Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() # pam [<service> | *]: /etc/shadow or similiar, using PAM authentication
Or maybe see http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules for even more ways to get Pam educated. Watch out for all the wikipedia entrys on Pamela Anderson tho, since they are not even remotely related to dovecot configuration. Ken A
Updating the documentation in http://wiki.dovecot.org/Authentication?highlight=%28authentication%29 to include a phrase that mentions that PAM authentication works from one of the standard password databases (i.e. /etc/passwd, /etc/shadow or /etc/samba/smbpasswd) would also be helpful.
yours sincerely,
Rolf