Message: 2 Date: Wed, 18 Jun 2003 13:21:08 +0200 (CEST) From: Andreas Aardal Hanssen dovecot@andreas.hanssen.name Subject: Re: [Dovecot] Multiple auth howto To: Dovecot mailing list dovecot@procontrol.fi Message-ID: Pine.LNX.4.44.0306181319060.29812-100000@shusaku.troll.no Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 18 Jun 2003 ohp@pyrenet.fr wrote:
Well, short answer: You can't. Put them all to one place (eg. pgsql), maybe using some automated scripts. I don't know if I should even consider about supporting fallbacking.. Hi Timo, Thanks for your answer. The reason I came to dovcot is that I thought it was possible. I've benn researching this for weeks now. First thought that cyrus would do that, it does but though SASL and pam whitch I don't have. How difficult would it be to implement a fallback?
Does this tool do what you want? (checkpassword only though, but I bet you will find checkpassword compatible authenticators that suit your needs):
It surely is interesting bu I'd rather see modules inside the server, see below
-- Andreas Aardal Hanssen
Message: 4 Date: 18 Jun 2003 15:31:36 +0300 From: Timo Sirainen tss@iki.fi Subject: Re: [Dovecot] Multiple auth howto To: dovecot@procontrol.fi Message-ID: 1055939496.10262.163.camel@hurina Content-Type: text/plain
On Wed, 2003-06-18 at 14:05, ohp@pyrenet.fr wrote:
Well, short answer: You can't. Put them all to one place (eg. pgsql), maybe using some automated scripts. I don't know if I should even consider about supporting fallbacking..
Hi Timo, Thanks for your answer. The reason I came to dovcot is that I thought it was possible. I've benn researching this for weeks now. First thought that cyrus would do that, it does but though SASL and pam whitch I don't have.
How difficult would it be to implement a fallback?
Not very. I'm mostly concerned about what happens if the user exists in both authenticators. I guess normally this shouldn't happen, but you can't really guarantee that and mistakes happen..
Yes mistakes happen. Why could'nt you (we?) do like proftpd that has a parameter that give the order of authenticators first one wins.
That way you could even have the same user as a real and virtual account with differents passwords
If fallbacking happened only when user isn't found from first authenticator, that could work a bit more safely, but I'm not sure if I can know with PAM if check failed because user wasn't found or because password didn't match.
I don't know either. My idea is to get rid of PAM for that's although fantastic on the paper is a Linux thing that I can't even compile here.
Regards
-- Olivier PRENANT Tel: +33-5-61-50-97-00 (Work) Quartier d'Harraud Turrou +33-5-61-50-97-01 (Fax) 31190 AUTERIVE +33-6-07-63-80-64 (GSM) FRANCE Email: ohp@pyrenet.fr
Make your life a dream, make your dream a reality. (St Exupery)