I just use all virtual user accounts. These virtual users have a flag
that I set, if I want that account to be a system account, for things
such as ssh/shell/... usage.
But a single user registry makes things much simpler than having
several, and then attempting to integrate them into a single list, vs
separating a single list into several uses.
Quoting Mark Olbert Mark@arcabama.com:
Apologies if this has already been raised here (which I suspect it
has 😊). I tried to raise it as an issue over on github but issues
are not enabled for the repository.

The support for mixing virtual users, with fully-qualified email
addresses, and system users could be simpler. Assuming it doesn’t
mess up other stuff in the code base, of course 😊.

The problem appears to be that the PAM passwd module requires just
user names without a domain (which makes sense given that they’re
system users) but does not, so far as I can see, support the
username_format argument. In my setup, the default structure of
10-auth.conf demonstrates this:

auth_username_format = %n

That means all username arguments lack the domain part…which
complicates using fully-qualified ones for virtual users. I realize
I could assign arbitrary unique names to the virtual accounts in the
lookup file. But that complicates administering the system, so I
want to be able to include the domain for virtual users.

After about five hair-pulling hours of wrestling with the
configuration I stumbled across an answer utilizing conditionals
(https://serverfault.com/questions/260488/dovecot-user-lookup-fails-when-usin...)
on ServerFault. It works fine.

But being able to pass a username_format parameter to the PAM module
(which I tried, but it was rejected) would be a lot simpler, and a
lot more intuitive.

Mark