Hello R.,
Thank you for the reply.
On 4/17/23 14:49, Robert Lister wrote:
Interesting...
I'm not sure why you would need to set : "NULL AS password, 'Y' as nopassword", but then I haven't seen the rest of your auth config. This would seem to allow any password but succeed if it matches the rest of the query.
The query does not return the password, only the hash, thus "NULL AS password", as I understand it. It is documented. The 'Y' as no password is found earlier in this thread.
It seemed a bit awkward to me to embed static variables in the query which are always going to be the same.
In the auth- config, or 10-mail.conf I just set:-
# Defaults: mail_uid = vmail mail_gid = vmail mail_home = /var/lib/vmail/%d/%n
# (this is set elsewhere in 10-mail.conf.) mail_location = maildir:~/Maildir
I think you are right. My eye was on migrating global settings to SQL accounts but it probably will not happen. Nevertheless, I suspect it adds little burden having static variables given it requires no database access, no?
userdb can still override these if needed, but it means that the query is a lot simpler and if one of the queries doesn't return home/uid/gid etc, it's always going to be set anyway.
Seems to me it is a matter of preference.
What does the "crypt" bit of "IF (crypt & 1, SHA2('%w',512)" do? crypt it before running the select?
Why not just set:
default_pass_scheme = ?
"crypt" bit 0 is a flag to encrypt passwords. I have chosen a custom hash. Can I replace it with "default_pass_scheme = ?"?
Regards, David
R.
On 2023-04-17 18:57, dkoski@sutinen.com wrote:
For the archive: This MySQL configuration seems to work well.
user_query =
SELECT
email AS user,
'/var/lib/vmail/%d/%n' AS home,
'maildir:/var/lib/vmail/%d/%n/Maildir' AS mail,
5000 AS uid,
5000 AS gid
FROM
view_users
WHERE
email='%u'
AND
enable = '1'password_query =
SELECT
email AS user,
NULL AS password,
'Y' as nopassword
FROM
view_users
WHERE
email='%u'
AND
password=IF (crypt & 1, SHA2('%w',512), password)
AND
enable = '1'
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org