[Dovecot] Suggestion: mod_auth_dovecot
Hello,
I have a suggestion which might be a small and very useful project for a C coder (I'm not one!).
As Dovecot makes its authentication interface available to other programs, I think that an Apache module to use it would be very useful.
Currently I share a passwd-db file between Dovecot and Apache. However with Apache that means I have to give Apache read access. That means that websites with PHP could read that password file if they liked. If Apache could talk to the Dovecot authentication process instead, that would be a lot better.
I'm sure there are lots of situations in which this would be useful - Dovecot's authentication settings are so flexible that it would be very handy to be able to use them more widely.
If anyone produces one, I pledge to produce an RPM package and submit it to Fedora as my contribution. I would do it myself if I knew C...
David
I forgot to say something! Alternatively, a PAM module pam_dovecot might be equally useful. (Then Apache could use it via mod_auth_pam and other services could use it too, e.g. SSH, FTP.... but only of course on platforms with PAM).
David
On Monday 02 Apr 2007, David Anderson wrote:
> Hello,
> (snip)
On 2.4.2007, at 15.53, David Anderson wrote:
> I forgot to say something! Alternatively, a PAM module pam_dovecot
> might be equally useful. (Then Apache could use it via mod_auth_pam and
> other services could use it too, e.g. SSH, FTP.... but only of course on platforms with PAM).
Yep. And nss_dovecot, libsasl.so compatible replacement for Cyrus
SASL, etc. :)
I'm not really interested in learning PAM/NSS internals though. I'm
willing to help anyone who wants to implement them though.
On Monday 02 Apr 2007, Timo Sirainen wrote:
> Yep. And nss_dovecot, libsasl.so compatible replacement for Cyrus SASL, etc. :)
> I'm not really interested in learning PAM/NSS internals though. I'm willing to help anyone who wants to implement them though.
Would you be interested in including with dovecot a binary that does authentication using the dovecot socket?
Something that:
- takes username/password on two lines on STDIN
- exits with a status code to indicate success/failure
- (+ logs to syslog, and has a short delay on failure to prevent abuse).
Such a binary could then be used out-of-the-box by all kinds of programs using the glue that already exists. e.g. For Apache there are various modules that can run external binaries to get the decision. Indeed, such a binary as I apply above would work unmodified with mod_auth_shadow (as it uses precisely the protocol I describe above).
David
-- "For I am not ashamed of the gospel of Christ: for it is the power of God unto salvation to every one that believes; to the Jew first, and also to the Greek." - Romans 1:16
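A sketch of the helper described in the message above, added here as an example; it is not code from the thread or from Dovecot. It assumes the socket speaks Dovecot's auth client protocol (version 1 handshake, PLAIN mechanism); the socket path and the service name are assumptions that depend on local configuration.

```python
"""Verify a username/password pair against a Dovecot auth client socket."""
import base64, os, socket, sys, syslog, time

AUTH_SOCKET = "/var/run/dovecot/auth-client"  # assumption: depends on your Dovecot config
SERVICE = "apache"       # assumption: service label reported to Dovecot
FAIL_DELAY = 2.0         # seconds to wait after a failure, to slow guessing

def check_password(user, password, path=AUTH_SOCKET, timeout=10.0):
    """Return True only when the auth server answers OK to a PLAIN request."""
    # NUL separates the SASL PLAIN fields, so it must not appear in either value.
    if not user or "\0" in user or "\0" in password:
        return False
    resp = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        sock.sendall(f"VERSION\t1\t0\nCPID\t{os.getpid()}\n".encode())
        reader = sock.makefile("r", encoding="utf-8", newline="\n")
        mechs = set()
        for line in reader:                     # server handshake ends with DONE
            fields = line.rstrip("\n").split("\t")
            if fields[0] == "VERSION" and fields[1:2] != ["1"]:
                return False                    # unsupported major version
            if fields[0] == "MECH":
                mechs.update(fields[1:2])
            if fields[0] == "DONE":
                break
        if "PLAIN" not in mechs:
            return False
        sock.sendall(f"AUTH\t1\tPLAIN\tservice={SERVICE}\tresp={resp}\n".encode())
        reply = reader.readline().rstrip("\n").split("\t")
        return reply[:2] == ["OK", "1"]         # FAIL, CONT or EOF all count as failure

def main(stdin=sys.stdin, path=AUTH_SOCKET, delay=FAIL_DELAY):
    # Username on the first line of stdin, password on the second.
    user, password = (stdin.readline().rstrip("\n") for _ in range(2))
    try:
        ok = check_password(user, password, path)
    except (OSError, ValueError) as exc:        # socket missing, timeout, bad data
        syslog.syslog(syslog.LOG_ERR, f"dovecot auth lookup failed: {exc}")
        ok = False
    if ok:
        return 0                                # exit status 0 means "accepted"
    syslog.syslog(syslog.LOG_WARNING, f"authentication failed for user {user!r}")
    time.sleep(delay)
    return 1

if __name__ == "__main__":
    sys.exit(main())
```

Anyone who can open the socket can submit password guesses to Dovecot, so its file permissions should admit only the account that runs the helper.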
On Mon, 2007-04-02 at 14:17 +0100, David Anderson wrote:
> On Monday 02 Apr 2007, Timo Sirainen wrote:
>> Yep. And nss_dovecot, libsasl.so compatible replacement for Cyrus SASL, etc. :)
>> I'm not really interested in learning PAM/NSS internals though. I'm willing to help anyone who wants to implement them though.
> Would you be interested in including with dovecot a binary that does authentication using the dovecot socket?
I'd want to distribute dovecot-auth separately. That could at least have this kind of a binary. Although I suppose if I can't get dovecot-auth out of the main tarball, it could be included in the main package as well for now..
David Anderson wrote:
> Hello,
> I have a suggestion which might be a small and very useful project for a C coder (I'm not one!).
> As Dovecot makes its authentication interface available to other programs, I think that an Apache module to use it would be very useful.
I had actually been planning to write a module for LigHTTPd to the same end.
I figure what I learn there would only help me write one for Apache, so this is my throwing my hat into the ring.
-- Curtis Maloney cmaloney@cardgate.net
On 02:34:46 2007-04-03 Curtis Maloney cmaloney@cardgate.net wrote:
> David Anderson wrote:
>> Hello,
>> I have a suggestion which might be a small and very useful project for a C coder (I'm not one!).
>> As Dovecot makes its authentication interface available to other programs, I think that an Apache module to use it would be very useful.
> I had actually been planning to write a module for LigHTTPd to the same end.
> I figure what I learn there would only help me write one for Apache, so this is my throwing my hat into the ring.
And I've been looking for a way to auth my mail users with lighttpd stuff :)
If you need a beta tester lemme know :)
-- Andraž "ruskie" Levstik Source Mage GNU/Linux Games grimoire guru Geek/Hacker/Tinker
Hacker FAQ: http://www.plethora.net/%7eseebs/faqs/hacker.html Be sure brain is in gear before engaging mouth.
Key id = F4C1F89C Key fingerprint = 6FF2 8F20 4C9D DB36 B5B6 F134 884D 72CC F4C1 F89C
participants (4): "Andraž 'ruskie' Levstik", Curtis Maloney, David Anderson, Timo Sirainen