Dovecot integration w/ FreeIPA expired password as well as if over quota login notice; local user can't login
As I continue to test freeipa-server-4.9.3-1, on Fedora 33 with dovecot-2.3.14-1 I've run into the following issues with web mail and Dovecot integration.
I followed https://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Si... but I couldn't get web mail to login until I used the suggestion from https://blog.delouw.ch/2017/02/19/integrate-dovecot-imap-with-freeipa-using-... and changed logins auth_mechanisms = plain gssapi login which allowed logins of FreeIPA Kerberos users.
even with auth_mechanisms = plain gssapi login, I could then no longer login to SquirrelMail webmail with any local Unix (non-Kerberized) users. The dovecot logs show:
auth: Error: policy(localuser@ourdomain.edu,127.0.0.1,
- If a user was over quota there was no way to tell on the webmail page that they were over quota but the dovecot logs show imap(ouruser): Error: mkdir(/path/to/ouruser/mail/.imap) failed: Disk quota exceeded.
Would there be a security risk if the web page displayed a warning that could be generalized to inform the user to either check their quota or password reset being needed?
participants (1)
-
Robert Kudyba