Re: [Dovecot] strip realms and force lowercasing of usernames?
On Tue, 2005-06-14 at 03:16 -0700, Dan Hollis wrote:
> > PAM module only works for PAM passdb, Dovecot still does userdb lookup from /etc/passwd or wherever you have it.
> PAM should be given a chance to modify the username dovecot uses to do the userdb lookup with.
Hmm. I remembered PAM wouldn't allow that, but looks like it does. Changed CVS version to support that now (non-tested though, but doesn't at least break the normal behavior).
On Tue, 14 Jun 2005, Timo Sirainen wrote:
> On Tue, 2005-06-14 at 03:16 -0700, Dan Hollis wrote:
> > > PAM module only works for PAM passdb, Dovecot still does userdb lookup from /etc/passwd or wherever you have it.
> > PAM should be given a chance to modify the username dovecot uses to do the userdb lookup with.
> Hmm. I remembered PAM wouldn't allow that, but looks like it does. Changed CVS version to support that now (non-tested though, but doesn't at least break the normal behavior).
I've thought some more about writing a PAM module, but what's the solution for people who don't have pam and _must_ authenticate from /etc/passwd,shadow (getpwnam, getspnam)?
Seems to me the only truly universal solution is to do this inside dovecot. It already has code to mangle the username with modifiers for mailspool location, so applying the same code to allow modifying username would seem to be a logical and consistent extension of existing dovecot behavior.
-Dan
On Wed, 2005-06-15 at 13:11 -0700, Dan Hollis wrote:
> On Tue, 14 Jun 2005, Timo Sirainen wrote:
> > On Tue, 2005-06-14 at 03:16 -0700, Dan Hollis wrote:
> > > > PAM module only works for PAM passdb, Dovecot still does userdb lookup from /etc/passwd or wherever you have it.
> > > PAM should be given a chance to modify the username dovecot uses to do the userdb lookup with.
> > Hmm. I remembered PAM wouldn't allow that, but looks like it does. Changed CVS version to support that now (non-tested though, but doesn't at least break the normal behavior).
> I've thought some more about writing a PAM module, but what's the solution for people who don't have pam and _must_ authenticate from /etc/passwd,shadow (getpwnam, getspnam)?
> Seems to me the only truly universal solution is to do this inside dovecot. It already has code to mangle the username with modifiers for mailspool location, so applying the same code to allow modifying username would seem to be a logical and consistent extension of existing dovecot behavior.
That's assuming that the code for stripping domain away from username is useful for more than one or two people. I'm not really convinced of that. There may be a way to make this possible in some generic way by adding a feature that makes this possible, but a strip_domain_from_username=yes setting just isn't going to happen.
On Thu, 16 Jun 2005, Timo Sirainen wrote:
> On Wed, 2005-06-15 at 13:11 -0700, Dan Hollis wrote:
> > Seems to me the only truly universal solution is to do this inside dovecot. It already has code to mangle the username with modifiers for mailspool location, so applying the same code to allow modifying username would seem to be a logical and consistent extension of existing dovecot behavior.
> That's assuming that the code for stripping domain away from username is useful for more than one or two people. I'm not really convinced of that. There may be a way to make this possible in some generic way by adding a feature that makes this possible, but a strip_domain_from_username=yes setting just isn't going to happen.
Think along the lines of reusing the existing dovecot code for mangling usernames into mailbox names:
default_mail_env = maildir:/var/mail/%Lu/%u/Maildir
would be something like this to strip the domain:
auth_passdb = passwd uname=%Ln
So not only does it use already existing dovecot code to process usernames, it also uses existing dovecot syntax, existing dovecot modifiers and does it in a generic way totally consistent with existing dovecot behavior.
-Dan
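The expansion discussed above, as an added example that is not Dovecot's code and not from any poster in the thread: a minimal expander for %u, %n and %d with the L modifier, run over the two templates quoted in the message. The function name and the sample logins are constructed; the output shows that %Ln maps logins from different realms onto the same local name.

```c
/* Added illustration, not Dovecot source code. Handles only %u, %n and %d,
 * each with an optional L (lowercase) modifier, as used in the thread. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Expand tmpl for login name `user` into out. Returns 0 on success,
 * -1 on an unsupported variable or if the result would not fit. */
int expand_username(const char *tmpl, const char *user, char *out, size_t outsz)
{
    const char *at = strchr(user, '@');
    size_t nlen = at ? (size_t)(at - user) : strlen(user);
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        const char *src = p;      /* default: copy one literal character */
        size_t len = 1;
        int lower = 0;
        if (*p == '%') {
            p++;
            if (*p == 'L') { lower = 1; p++; }
            switch (*p) {
            case 'u': src = user; len = strlen(user); break;  /* full name */
            case 'n': src = user; len = nlen; break;          /* before '@' */
            case 'd': src = at ? at + 1 : ""; len = strlen(src); break;
            default: return -1;   /* also catches a template ending in % */
            }
        }
        if (o + len >= outsz)
            return -1;            /* refuse rather than truncate a login */
        for (size_t i = 0; i < len; i++)
            out[o++] = lower ? (char)tolower((unsigned char)src[i]) : src[i];
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample logins; the last one belongs to a different realm. */
    const char *logins[] = { "Dan@Example.COM", "dan", "DAN@other.example" };
    char key[64], path[128];
    for (size_t i = 0; i < sizeof logins / sizeof logins[0]; i++) {
        expand_username("%Ln", logins[i], key, sizeof key);
        expand_username("maildir:/var/mail/%Lu/%u/Maildir", logins[i], path, sizeof path);
        printf("%-18s -> %-4s %s\n", logins[i], key, path);
    }
    return 0;
}
```

All three sample logins normalize to `dan`, which suits a single-domain host with local accounts but merges users of different realms on a multi-domain one.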
On Thu, 16 Jun 2005 01:42:11 +0300 Timo Sirainen <tss@iki.fi> wrote:
: That's assuming that the code for stripping domain away from username
: is useful for more than one or two people. I'm not really convinced of
: that. There may be a way to make this possible in some generic way by
: adding a feature that makes this possible, but a
: strip_domain_from_username=yes setting just isn't going to happen.
I was looking for this option a year or so ago. I was converting a company from a hosted email 'system' to an in-house email server using postfix+dovecot. All of the accounts were local accounts (for various reasons), and the old system allowed either just the username or the full email address. I ended up going to each computer and changing the options manually.
strip_username_after='@' is pretty generic. But I'm not sure it's the most elegant solution.
Normally it wouldn't matter, but it would be a great feature for migrating to Dovecot.
On Wed, 15 Jun 2005, Peter Hessler wrote:
> On Thu, 16 Jun 2005 01:42:11 +0300 Timo Sirainen <tss@iki.fi> wrote:
> : That's assuming that the code for stripping domain away from username
> : is useful for more than one or two people. I'm not really convinced of
> I was looking for this option a year or so ago.
So that's three people then. me, jeff graves and peter hessler. More than two :-)
What's the exact 'minimum required users for a feature' number? :-)
-Dan