[Dovecot] Dovecot SASL & Postfix
This is probably a dumb question, but I'll ask anyway.
I am currently using Postfix with Dovecot and Cyrus-SASL. I want to switch over to Dovecot SASL. The regular Dovecot user/password file is not the same as the file used by cyrus-sasl. User names and passwords are different. I created a flat file that dovecot can use for SASL look-ups; however, exactly where in the Dovecot config file do I place the entry?
-- Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
On 17.03.2013 13:04, Jerry wrote:
> I am currently using Postfix with Dovecot and Cyrus-SASL. I want to switch over to Dovecot SASL. The regular Dovecot user/password file is not the same as the file used by cyrus-sasl
> I created a flat file that dovecot can use for SASL look-ups
the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special
On Sun, 17 Mar 2013 13:21:38 +0100 Reindl Harald articulated:
> On 17.03.2013 13:04, Jerry wrote:
>> I am currently using Postfix with Dovecot and Cyrus-SASL. I want to switch over to Dovecot SASL. The regular Dovecot user/password file is not the same as the file used by cyrus-sasl
>> I created a flat file that dovecot can use for SASL look-ups
> the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special
Because that is the way the system was originally configured. I had nothing to do with it.
The system uses a simple format:
user@doman.com password
The SASL mechanism presently in use uses:
user@hostname.domain.com password
Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.
If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.
-- Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
On 2013-03-17 9:08 AM, Jerry jerry@seibercom.net wrote:
> Because that is the way the system was originally configured. I had nothing to do with it.
> The system uses a simple format:
> user@doman.com password
> The SASL mechanism presently in use uses:
> user@hostname.domain.com password
> Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.
> If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.
Personally, I would *much* prefer the pain of changing everyone over to a single password backend for both just one time, than to have to continue to maintain a broken system.
--
Best regards,
Charles
On 17.03.2013 14:08, Jerry wrote:
>> the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special
> Because that is the way the system was originally configured. I had nothing to do with it.
time to fix it or not touch it at all
> The system uses a simple format:
> user@doman.com password
> The SASL mechanism presently in use uses:
> user@hostname.domain.com password
pff - sounds funny for the users whoever did set this up -> seek and punish this guy :-)
> Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.
so do not touch it at all or do it right for one last time
> If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.
how should it be told?
dovecot has its passwords and usernames, they are still used for IMAP/POP3 if postfix is using dovecot-SASL dovecot will take over SASL auth at all and is using its usernames and passwords
On Sun, 17 Mar 2013 17:27:04 +0100 Reindl Harald articulated:
> On 17.03.2013 14:08, Jerry wrote:
>>> the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special
>> Because that is the way the system was originally configured. I had nothing to do with it.
> time to fix it or not touch it at all
>> The system uses a simple format:
>> user@doman.com password
>> The SASL mechanism presently in use uses:
>> user@hostname.domain.com password
> pff - sounds funny for the users whoever did set this up -> seek and punish this guy :-)
>> Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.
> so do not touch it at all or do it right for one last time
>> If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.
> how should it be told?
> dovecot has its passwords and usernames, they are still used for IMAP/POP3 if postfix is using dovecot-SASL dovecot will take over SASL auth at all and is using its usernames and passwords
From what I was told, it was originally set up so that if a user's mailbox password was compromised, it would not also compromise their SASL password. Actually, it does seem to make a somewhat more secure system.
Having an optional file for use strictly with SASL in Dovecot would seem like something that could be quite useful under the right circumstances. In any case, I will revisit this problem when I feel inclined to fight with the current users of the system.
-- Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
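To size the consolidation debated in this thread, here is an added example (not from any poster and not Dovecot code): a Python audit of two flat files in the quoted `user@domain password` and `user@hostname.domain password` formats, reporting which accounts already share a password, which differ, and which exist in only one file. The function names, the sample entries and the rule that drops the leading host label to match names are assumptions made for illustration.

```python
# Added example. SAMPLE_* are constructed entries in the two formats
# quoted in the thread; no real accounts are involved.
SAMPLE_MAILBOX = "alice@example.com mbox-pw-1\nbob@example.com shared-pw\ncarol@example.com mbox-pw-3\n"
SAMPLE_SASL = "alice@mail.example.com sasl-pw-1\nbob@mail.example.com shared-pw\ndave@mail.example.com sasl-pw-4\n"


def parse_flat(text):
    """Parse 'user@domain password' lines; skip blanks and '#' comments."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].count("@") != 1:
            raise ValueError(f"line {lineno}: expected 'user@domain password'")
        entries[parts[0]] = parts[1]
    return entries


def mailbox_name(sasl_user, mailbox):
    """Assumed mapping: drop the host label if that yields a known mailbox."""
    local, host = sasl_user.split("@")
    _, _, parent = host.partition(".")
    candidate = f"{local}@{parent}"
    return candidate if candidate in mailbox else sasl_user


def audit(mailbox_text, sasl_text):
    """Classify each account by what a merge would require of its user."""
    mailbox = parse_flat(mailbox_text)
    sasl = {}
    for user, password in parse_flat(sasl_text).items():
        name = mailbox_name(user, mailbox)
        if name in sasl:  # two SASL hosts collapsing onto one mailbox
            raise ValueError(f"{user}: second SASL entry maps to {name}")
        sasl[name] = password
    report = {"same": [], "differs": [], "mailbox_only": [], "sasl_only": []}
    for user in sorted(mailbox.keys() | sasl.keys()):
        if user not in sasl:
            report["mailbox_only"].append(user)
        elif user not in mailbox:
            report["sasl_only"].append(user)
        else:
            key = "same" if mailbox[user] == sasl[user] else "differs"
            report[key].append(user)
    return report
```

Only the accounts under `differs` and `sasl_only` would need a password change or a new mailbox entry if SMTP AUTH moved to the mailbox credentials.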