Again, this doesn't help with doveadm running as the local user, and also doesn't help with
the PAM authentication.

passdb {
  driver = pam
  #[session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=20]
  #[cache_key=<key>] [<service name>]
  args = failure_show_msg=yes session=yes max_requests=20
  skip = authenticated
}

How can I default the domain for PAM authentication?
(I've set auth_default_realm and it doesn't help in this case).

# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  driver = passwd-file
  # [blocking=no]
  args = username_format=%Ln /etc/passwd
  #override_fields = user=%Ln /etc
  #name = %Ln

  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
  #skip = found
}



On Mon, Apr 15, 2019 at 6:31 AM John Fawcett via dovecot <dovecot@dovecot.org> wrote:
On 15/04/2019 12:59, Larry Rosenman via dovecot wrote:
forgot to reply all.

---------- Forwarded message ---------
From: Larry Rosenman <larryrtx@gmail.com>
Date: Mon, Apr 15, 2019 at 5:58 AM
Subject: Re: SOLR/Index?
To: John Fawcett <john@voipsupport.it>


the local users (myself, my wife, a friend) can authenticate EITHER as <username> or <username>@lerctr.org.

switching to all virtual users is NOT going to happen. 

If I login to roundcube with <user>@lerctr.org it finds the autoindexed mail.

So, if I make everyone always authenticate as <user>@lerctr.org we should be fine.

and change my script to do doveadm -u <user>@<domain> instead of depending on the local user running the cron job. 

question: Is there some way to have dovecot change what it sees to be <user>@lerctr.org when they login as <user>?


Dovecot is very configurable, but it can also take some time, effort and testing to get the configuration you want. Personally I don't mix user types since it takes out an element of complexity.

For your case you might find it useful to look into auth_default_realm

that can specify a domain name when one is not supplied.

https://wiki2.dovecot.org/DomainLost

Other things that might be useful: there is a method for returning a "user" field from the userdb query or passdb query which will change the username. Or there is another setting that can overriding values of fields returned by the userdb.

https://wiki.dovecot.org/UserDatabase

Hope it helps!

John



--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larryrtx@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106