Re: [Dovecot] PAM and user@domain login?
Yes, it does. I wish the documentation on the Wiki was easier to find gems like this.
Thank You!
On Fri, Nov 15, 2013 at 12:43 PM, Pascal Volk <user+dovecot@localhost.localdomain.org> wrote:
On 11/15/2013 06:35 PM Larry Rosenman wrote:
Is there a way with 2.2.6 to have the system do a PAM login for user when presented with login user@domain pass from the IMAP services?
I have a stupid android client that wants to use user@domain but doesn't have an option to pass just user.....
Thanks for any help.
Does auth_username_format=%n solve your issue?
Regards, Pascal
The trapper recommends today: decade.1331919@localdomain.org
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688
Larry Rosenman skrev den 2013-11-15 19:47:
Yes, it does. I wish the documentation on the Wiki was easier to find gems like this.
Does auth_username_format=%n solve your issue?
It should only be used for PAM auth, not other auth backends; the problem is not Dovecot, but that Unix logins are not possible with @ :=)
and how can I restrict it to PAM only?
# doveconf -n
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-BETA3 amd64
auth_mechanisms = plain login
auth_username_format = %Ln
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = snarf fts fts_lucene stats
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace Snarf {
  hidden = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=MEMORY
  prefix = ~~Snarfbox/
  separator = /
}
namespace archive {
  hidden = no
  inbox = no
  list = no
  location = mbox:~/MAILARCHIVE
  prefix = "#ARCHIVE/"
  separator = /
}
namespace default {
  hidden = yes
  list = no
  location =
  prefix = ~~default/
  separator = /
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox INBOX {
    auto = create
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  fts = lucene
  fts_lucene = whitespace_chars=@. normalize no_snowball
  mbox_snarf = ~/mail/INBOX
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  snarf = ~~Snarfbox/INBOX
  stats_command_min_time = 1 mins
  stats_domain_min_time = 12 hours
  stats_ip_min_time = 12 hours
  stats_memory_limit = 16 M
  stats_refresh = 5s
  stats_session_min_time = 15 mins
  stats_track_cmds = yes
  stats_user_min_time = 1 hours
}
service auth {
  unix_listener auth-client {
    mode = 0666
  }
  unix_listener auth-master {
    mode = 0666
  }
}
service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups =
  fifo_listener stats-mail {
    group =
    mode = 0666
    user =
  }
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener stats {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
ssl_cert =
Larry Rosenman skrev den 2013-11-16 21:01:
and how can I restrict it to PAM only?
put auth_username_format=%n into passdb pam driver container only
but the dovecot -n you showed says you are only using pam, so having this global works as well
It doesn't seem to like it there....
# authentication to actually work.
# System users (NSS, /etc/passwd, or similiar).
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf.
Larry Rosenman skrev den 2013-11-16 22:31:
It doesn't seem to like it there....
Timo?
but you are missing the realm setup in 10-auth.conf
auth_username_format=%n is only a global setting :(
# authentication to actually work.
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  #args = dovecot
  auth_username_format = %u
}
# System users (NSS, /etc/passwd, or similiar).
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf.
#passdb {
  #driver = passwd
  # [blocking=no]
auth-system.conf.ext: 75 lines, 2210 characters.
# doveconf
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/auth-system.conf.ext line 15: Unknown setting: auth_username_format
doveconf: Error: managesieve-login: dump-capability process returned 89
doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/auth-system.conf.ext line 15: Unknown setting: auth_username_format
#
On Sat, Nov 16, 2013 at 3:26 PM, Benny Pedersen me@junc.eu wrote:
Larry Rosenman skrev den 2013-11-16 21:01:
and how can I restrict it to PAM only?
put auth_username_format=%n into passdb pam driver container only
but showed dovecot -n say you only using pam, so have this global is working aswell
-- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it
fixed, but...
# doveconf -n
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-BETA3 amd64
auth_default_realm = lerctr.org
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
auth_username_format = %Ln
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = snarf fts fts_lucene stats
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace Snarf {
  hidden = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=MEMORY
  prefix = ~~Snarfbox/
  separator = /
}
namespace archive {
  hidden = no
  inbox = no
  list = no
  location = mbox:~/MAILARCHIVE
  prefix = "#ARCHIVE/"
  separator = /
}
namespace default {
  hidden = yes
  list = no
  location =
  prefix = ~~default/
  separator = /
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox INBOX {
    auto = create
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  fts = lucene
  fts_lucene = whitespace_chars=@. normalize no_snowball
  mbox_snarf = ~/mail/INBOX
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  snarf = ~~Snarfbox/INBOX
  stats_command_min_time = 1 mins
  stats_domain_min_time = 12 hours
  stats_ip_min_time = 12 hours
  stats_memory_limit = 16 M
  stats_refresh = 5s
  stats_session_min_time = 15 mins
  stats_track_cmds = yes
  stats_user_min_time = 1 hours
}
service auth {
  unix_listener auth-client {
    mode = 0666
  }
  unix_listener auth-master {
    mode = 0666
  }
}
service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups =
  fifo_listener stats-mail {
    group =
    mode = 0666
    user =
  }
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener stats {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
ssl_cert =
still what needs Timo's help with the stripping of the domain for PAM....
On 11/16/13, Benny Pedersen me@junc.eu wrote:
Larry Rosenman skrev den 2013-11-16 22:53:
fixed, but...
what error now ?
On 16.11.2013, at 23.49, Benny Pedersen me@junc.eu wrote:
Larry Rosenman skrev den 2013-11-16 22:31:
It doesn't seem to like it there....
Timo?
but you miss to setup realm in 10-auth.conf
auth_username_format=%n is so only global setting :(
That’s been in my TODO for a while, so yeah, not possible currently. I’m not sure if there might be some PAM plugin that drops out the @domain.
I haven't seen one that I can find, Timo -- It might be a good thing to either add it, or modify your PAM calls to do it by design.....
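What auth_username_format does to the login name before the PAM lookup, as an added example that is not part of the original thread and is not Dovecot's code: a simplified Python model of %u, %n, %d and the L/U modifiers. The function names and the sample logins are constructed for illustration; it also shows which distinct logins a global %Ln collapses onto one system account.

```python
import re

# Simplified model of Dovecot-style username variables (added example, not
# Dovecot's code): %u = full login, %n = part before the first '@',
# %d = part after it; an optional L/U modifier lowercases/uppercases (%Ln).
_VAR = re.compile(r"%(?:(%)|([LU]?)([und]))")


def expand_username(fmt, login):
    """Return the account name a format such as '%Ln' yields for a login."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}

    def repl(match):
        if match.group(1):          # '%%' is a literal percent sign
            return "%"
        value = values[match.group(3)]
        if match.group(2) == "L":
            return value.lower()
        if match.group(2) == "U":
            return value.upper()
        return value

    return _VAR.sub(repl, fmt)


def collisions(fmt, logins):
    """Group distinct logins that the format maps to one account name."""
    groups = {}
    for login in logins:
        groups.setdefault(expand_username(fmt, login), []).append(login)
    return {name: srcs for name, srcs in groups.items() if len(srcs) > 1}


# Constructed sample logins (hypothetical users and domains).
SAMPLE_LOGINS = [
    "alice@example.org",
    "Alice@mail.example.org",
    "alice",
    "alice@other.example",
    "bob@example.org",
]

if __name__ == "__main__":
    for fmt in ("%u", "%Lu", "%n", "%Ln"):
        print(fmt, [expand_username(fmt, login) for login in SAMPLE_LOGINS])
    print("collapsed by %Ln:", collisions("%Ln", SAMPLE_LOGINS))
```

With a single PAM passdb this collapse is the wanted behaviour; it matters once a domain-aware passdb is added while the format is still set globally.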
participants (3): Benny Pedersen, Larry Rosenman, Timo Sirainen