[Dovecot] Authentication feature I need
OK - here's what I need to make it work for my Linuxconf compatible authentication system. First - a question:

Will this work? I can find docs on "virtualfile".

auth virtualfile {
  mechanisms = plain digest-md5
  userdb = passwd-file /etc/vmail/passwd.%d
  passdb = passwd-file /etc/vmail/shadow.%d
  user = root
}

Then - since the domain name selects the passwd file, if there were a feature to make %n be the user instead of the whole email address then I have what I need.

Password files are placed in the /etc/vmail directory as follows:

/etc/vmail/passwd.domain1
/etc/vmail/shadow.domain1
/etc/vmail/passwd.domain2
/etc/vmail/shadow.domain2

The password and shadow files are exactly the same format as the /etc/password and /etc/shadow files. The user name within the files would be the %n part of the email address passed to authenticate with.

Basically the password file names are /etc/vmail/passwd.%d with the user within the file being %n.

marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false
test:x:40001:12::/vhome/perkel.com/home/test:/bin/false
dd:x:40002:12:Atia:/vhome/perkel.com/home/dd:/bin/false
test2:x:40003:12::/vhome/perkel.com/home/test2:/bin/false

Actually maybe it's passwd-file I want? Docs are confusing.

auth passwd {
  userdb = passwd-file /etc/vmail/passwd.%d
  passdb = passwd-file /etc/vmail/shadow.%d
}

-- Marc Perkel - marc@perkel.com
Spam Filter: http://www.junkemailfilter.com My Blog: http://marc.perkel.com
On Sunday 17 July 2005 15:40, Marc Perkel wrote:
> Actually maybe it's passwd-file I want? Docs are confusing.
>
> auth passwd {
>   userdb = passwd-file /etc/vmail/passwd.%d
>   passdb = passwd-file /etc/vmail/shadow.%d
> }

Yes. If the %d expansion happened at authentication time, that would be correct.
You should (could) run the auth process as a non-root user as a security enhancement since there is no need for root privs with passwd-file authentication.
-- Dominic Marks
Dominic Marks wrote:
> On Sunday 17 July 2005 15:40, Marc Perkel wrote:
> > Actually maybe it's passwd-file I want? Docs are confusing.
> >
> > auth passwd {
> >   userdb = passwd-file /etc/vmail/passwd.%d
> >   passdb = passwd-file /etc/vmail/shadow.%d
> > }
>
> Yes. If the %d expansion happened at authentication time, that would be correct.
>
> You should (could) run the auth process as a non-root user as a security enhancement since there is no need for root privs with passwd-file authentication.

If that worked then all I would need then is a way to use %n instead of the whole email address to be the user that is looked up. The idea is that the domain name %d selects the file to look in and the %n part is the username within that file.
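
The lookup discussed in this thread (the %d part of the login selects the file, the %n part is the user name inside it), as an added Python sketch that is not Dovecot's code and not part of the original messages. The function names and the domain check are assumptions of this example; the check is there because %d comes from the client-supplied login and ends up in a file path.

```python
import os
import re
import tempfile

# Conservative host name pattern: dot-separated labels, no slashes or leading dots.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$")
KEYS = ("user", "password", "uid", "gid", "gecos", "home", "shell")

def split_login(login):
    """Split 'user@domain' into (%n, %d); reject values unsafe for a file name."""
    local, sep, domain = login.rpartition("@")
    domain = domain.lower()
    if not sep or not local or ":" in local or not DOMAIN_RE.match(domain):
        raise ValueError("unacceptable login: %r" % login)
    return local, domain

def lookup_user(login, base_dir):
    """Return the passwd fields for %n found in <base_dir>/passwd.%d, or None."""
    local, domain = split_login(login)
    path = os.path.join(base_dir, "passwd." + domain)
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) == 7 and fields[0] == local:
                    return dict(zip(KEYS, fields))
    except FileNotFoundError:
        return None  # unknown domain: no such passwd file
    return None

def demo():
    # Constructed sample: a temporary directory stands in for /etc/vmail.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "passwd.perkel.com"), "w") as fh:
            fh.write("marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false\n"
                     "test:x:40001:12::/vhome/perkel.com/home/test:/bin/false\n")
        found = lookup_user("marc@perkel.com", d)
        other_domain = lookup_user("marc@example.org", d)
        try:
            lookup_user("marc@../../etc/x", d)  # must never reach open()
            rejected = False
        except ValueError:
            rejected = True
        return found, other_domain, rejected

if __name__ == "__main__":
    print(demo())
```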