[Dovecot] user database clarification
Hi, this question gets back to a thread I started back on July 8th.
(gosh how time flies)
I still am not clear on why PAM is not supported for the user database.
I'm in an environment that has users both in local flat files (/etc/passwd and /etc/shadow) AND in an LDAP database.
Is it possible for this set up to work with dovecot? (both local and ldap users have imap/pop?)
I'd prefer to just have Dovecot use PAM for user db and the password database so that I can configure PAM to try both local users and LDAP users.
Thanks a lot. -jared
On Wed, 2003-07-23 at 17:52, Jared wrote:
> Hi, this question gets back to a thread I started back on July 8th.
> (gosh how time flies)
> I still am not clear on why PAM is not supported for the user database.

Because PAM only provides a way to ask "does user X have password Y?". It doesn't provide a way to ask user's UID, GID or home directory.

> I'm in an environment that has users both in local flat files (/etc/passwd and /etc/shadow) AND in an LDAP database.
> Is it possible for this set up to work with dovecot? (both local and ldap users have imap/pop?)

No fallbacking currently. I'll probably add it though. Fallbacking btw. is possible only with plaintext authentication, but I guess that's what everyone uses anyway..
On Wednesday, Jul 23, 2003, at 11:07 US/Eastern, Timo Sirainen wrote:
> On Wed, 2003-07-23 at 17:52, Jared wrote:
>> I still am not clear on why PAM is not supported for the user database.
>
> Because PAM only provides a way to ask "does user X have password Y?". It doesn't provide a way to ask user's UID, GID or home directory.

I'm way out of my league here, but I thought getting UID, GID, etc, was the job of nsswitch.

>> I'm in an environment that has users both in local flat files (/etc/passwd and /etc/shadow) AND in an LDAP database.
>> Is it possible for this set up to work with dovecot? (both local and ldap users have imap/pop?)
>
> No fallbacking currently. I'll probably add it though. Fallbacking btw. is possible only with plaintext authentication, but I guess that's what everyone uses anyway..

I'd definitely like to see this. I've got a bunch of crufty old and oddball accounts that I'd prefer not to put in LDAP.

Thanks, -jared
On Wed, 2003-07-23 at 18:52, Jared wrote:
>>> I still am not clear on why PAM is not supported for the user database.
>>
>> Because PAM only provides a way to ask "does user X have password Y?". It doesn't provide a way to ask user's UID, GID or home directory.
>
> I'm way out of my league here, but I thought getting UID, GID, etc, was the job of nsswitch.

That too. If you want to use nsswitch, use "passwd" as user database.
On Wed, 2003-07-23 at 18:07, Timo Sirainen wrote:
>> I'm in an environment that has users both in local flat files (/etc/passwd and /etc/shadow) AND in an LDAP database.
>> Is it possible for this set up to work with dovecot? (both local and ldap users have imap/pop?)
>
> No fallbacking currently. I'll probably add it though. Fallbacking btw. is possible only with plaintext authentication, but I guess that's what everyone uses anyway..

CVS supports it now.

I also moved auth client code into lib-auth/ directory. Mostly because it's cleaner there, but I was also thinking that maybe some other programs would want to talk to dovecot-auth. SMTP servers come to my mind first. Wouldn't it be nice to keep all the authentication settings in one place? :) It's possible with LDAP and SQL databases, but I'd rather use passwd-file with the few users I need.
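
The password-check versus user-lookup split and the password fallback discussed in this thread, sketched in Python as an added example (not part of the original messages and not Dovecot's code). The backends, account names, passwords and the `fake_getpwnam` table are constructed for illustration; the PBKDF2 store only stands in for PAM, /etc/shadow or LDAP.

```python
import hashlib, hmac, os, pwd

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_passdb(accounts):
    """PAM-like backend: can only answer 'does user X have password Y?'."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    def verify(user, password):
        # Unknown users still cost one hash and never match (length differs).
        salt, digest = store.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), digest)
    return verify

# Constructed sample backends standing in for /etc/shadow and an LDAP server.
LOCAL = make_passdb({"oddball": "local-secret"})
LDAP = make_passdb({"jared": "ldap-secret", "nohome": "ldap-secret2"})

def authenticate(user, password, passdbs):
    """Fallback: offer the same plaintext password to each backend in turn."""
    # Each backend needs the password itself, so this only works when the
    # client sends it in plaintext, as the thread notes.
    return any(verify(user, password) for verify in passdbs)

def userdb_lookup(user, getpwnam=pwd.getpwnam):
    """The userdb question: UID, GID, home. pwd.getpwnam() goes through nsswitch."""
    try:
        entry = getpwnam(user)
    except KeyError:
        return None
    return {"uid": entry.pw_uid, "gid": entry.pw_gid, "home": entry.pw_dir}

def login(user, password, passdbs, getpwnam=pwd.getpwnam):
    if not authenticate(user, password, passdbs):
        return None
    # A correct password alone is not a login: without a userdb entry there
    # is no UID/GID to run as and no home directory.
    return userdb_lookup(user, getpwnam)

# Constructed stand-in for the NSS passwd map so the example runs on any host.
_NSS = {n: pwd.struct_passwd((n, "x", u, u, "", "/home/" + n, "/bin/sh"))
        for n, u in (("oddball", 1001), ("jared", 1002))}

def fake_getpwnam(name):
    return _NSS[name]  # raises KeyError for unknown users, like pwd.getpwnam
```

Calling `login()` without the last argument uses the host's real `pwd.getpwnam`, so the lookup then follows whatever sources nsswitch is configured with.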