Thanks for the example and your info about fd4.
Durk
Durk Strooisma wrote:
Okay, thanks for verifying. What kind of scripting language would you suggest for checkpassword instead?
Perl works for me. Extract from such script:
use constant CHECKPASSWORD_MAX_LEN => 512; [...] my $input = IO::Handle->new_from_fd(3, "r"); if (not defined $input) { internal_error('read_from_dovecot - getting file descriptor failed'); return; } my $length = undef; my $buffer = ''; do { $length = $input->read($buffer, CHECKPASSWORD_MAX_LEN - length($buffer), length($buffer)) ; if ($input->error or not defined $length) { internal_error('read_from_dovecot - read failed'); $input->close; return; } } while ($length != 0); $input->close; my ($user, $password, $rest) = split /\0/, $buffer, 3; [...]
It is also possible to skip the execution of "checkpassword-reply". Assuming that dovecot will never change the protocol it expects from "checkpassword-reply", it is possible to write the reply to filedescriptor 4 in your script directly and skip invocation of the intermediate program. Works great.
Extract from such script:
# Exit Codes use constant AUTH_OK => 0; use constant AUTH_FAIL => 1; use constant AUTH_ERROR => 111; [...] my $output = IO::Handle->new_from_fd(4, "w"); if (not defined $output) { internal_error('write_to_dovecot - getting filedescriptor failed'); return; } $output->autoflush(1);
# Returning Username and Homedir to dovecot my $response = "user=${user}\tuserdb_home=${homedir}\t";
$output->print($response); if ($output->error) { internal_error('write_to_dovecot - write failed'); } $output->close; [...]
Exit your script with appropriate Exit Code (see constant definition above).
As dovecot does not provide RADIUS as authentication mechanism, I'm using CheckPassword interface with a perl script to ask a list of RADIUS servers and return everything which is necessary back to dovecot (-> userdb prefetch).
Heiko
Heiko Schlichting Freie Universität Berlin heiko@CIS.FU-Berlin.DE Zentraleinrichtung für Datenverarbeitung (ZEDAT) Telefon +49 30 838-54327 Fabeckstraße 32 Telefax +49 30 838454327 14195 Berlin