[Dovecot] Virtual Domains and Master Users
Can I have a master users list for each virtual domain? I'm not sure from what I read on the page:
http://wiki.dovecot.org/Authentication/MasterUsers
auth default {
  mechanisms = plain login CRAM-MD5

  passdb passwd-file {
    args = /var/mail/vhosts/%d/passwd.masterusers
    master = yes
    pass = yes
  }
  passdb passwd-file {
    args = username_format=%n /var/mail/vhosts/%d/passwd
  }

  userdb passwd-file {
    args = username_format=%n /var/mail/vhosts/%d/passwd
  }
  ...
}
TIA, Rod
On Oct 15, 2008, at 11:19 PM, Roderick A. Anderson wrote:
> Can I have a master users list for each virtual domain? I'm not
> sure from what I read on the page:
Not really. There are two possibilities that I can think of:
a) Use passdb checkpassword and verify that the master user
($MASTER_USER environment) is valid for the current username.
b) Let the user log in and change mail_executable to be a script that
does the same check as a). This is potentially dangerous, since it
works only for imap/pop3 process, not necessarily for others that may
come in future or e.g. SMTP AUTH..
> passdb passwd-file {
>   args = /var/mail/vhosts/%d/passwd.masterusers
>   master = yes
>   pass = yes
> }
This allows you to list master@domain users in separate files, but
each user can still authenticate as anyone from any domain.
Timo Sirainen wrote:
> On Oct 15, 2008, at 11:19 PM, Roderick A. Anderson wrote:
>> Can I have a master users list for each virtual domain? I'm not sure from what I read on the page:
> Not really. There are two possibilities that I can think of:
> a) Use passdb checkpassword and verify that the master user ($MASTER_USER environment) is valid for the current username.
I'll look into this.
> b) Let the user log in and change mail_executable to be a script that does the same check as a). This is potentially dangerous, since it works only for imap/pop3 process, not necessarily for others that may come in future or e.g. SMTP AUTH..
>> passdb passwd-file {
>>   args = /var/mail/vhosts/%d/passwd.masterusers
>>   master = yes
>>   pass = yes
>> }
> This allows you to list master@domain users in separate files, but each user can still authenticate as anyone from any domain.
Does the IMAP specification call for Master Users (I don't remember seeing it?) Or is this an implementation specific (Dovecot, et al.) _feature_?
How difficult would it be to make per-domain master user(s) a part of Dovecot?
Rod
On Thu, 2008-10-16 at 06:28 -0700, Roderick A. Anderson wrote:
> Does the IMAP specification call for Master Users (I don't remember seeing it?)
No.
> Or is this an implementation specific (Dovecot, et al.) _feature_?
Yes.
> How difficult would it be to make per-domain master user(s) a part of Dovecot?
But then what about people who want to make a master user for two domains.. I think it needs a bit of design to make it useful for more people.
Timo Sirainen wrote:
> On Thu, 2008-10-16 at 06:28 -0700, Roderick A. Anderson wrote:
>> Does the IMAP specification call for Master Users (I don't remember seeing it?)
> No.
>> Or is this an implementation specific (Dovecot, et al.) _feature_?
> Yes.
>> How difficult would it be to make per-domain master user(s) a part of Dovecot?
> But then what about people who want to make a master user for two domains.. I think it needs a bit of design to make it useful for more people.
I just planned on putting in the same id/password in for each domain. Too much work.
I've dealt with iMail (IPSwitch) and it allows each domain to have mail manager(s) -- master user. I think it also has mega-manager(s) -- over all domains.
So for now I'll look into using the checkpassword process.
Thanks for the insight, Rod
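
Added example, not part of the original thread and not Dovecot's own code: a sketch of the decision logic for option a), a checkpassword-style script that only accepts a master login when the master user is listed for the target user's domain, including the "one master for two domains" case raised above. The policy file format, the function names and the injected verify_password callable are hypothetical; it also assumes that on a master login the password on fd 3 belongs to the account named in $MASTER_USER.

```python
"""Per-domain master-user check for a checkpassword-style passdb (added example)."""
import hmac

# Constructed policy (hypothetical format): master user, then the domains
# whose mailboxes that master user may open.
SAMPLE_POLICY = """\
admin@example.com  example.com
ops@example.net    example.net example.org   # one master, two domains
"""

OK, REJECT, MISUSE = 0, 1, 2   # checkpassword exit codes


def parse_policy(text):
    policy = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            policy[fields[0].lower()] = {d.lower() for d in fields[1:]}
    return policy


def master_allowed(policy, master_user, login_user):
    """Default deny: the master must be listed for the login user's domain."""
    local, sep, domain = login_user.rpartition("@")
    if not (local and sep and domain):
        return False          # no domain part, nothing to scope against
    return domain.lower() in policy.get(master_user.lower(), set())


def decide(environ, fd3_data, policy, verify_password):
    """Return the exit code for one request.

    fd3_data is the checkpassword input "user\\0password\\0timestamp\\0".
    verify_password(account, password) -> bool is supplied by the caller.
    """
    fields = fd3_data.split(b"\0")
    if len(fields) < 3 or not fields[0]:
        return MISUSE
    user, password = fields[0].decode(), fields[1].decode()
    master = environ.get("MASTER_USER")
    if not master:            # ordinary login: the password is the user's own
        return OK if verify_password(user, password) else REJECT
    # Master login (assumption): the password belongs to the master user.
    if verify_password(master, password) and master_allowed(policy, master, user):
        return OK
    return REJECT


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    secrets = {"ops@example.net": "constructed-pw"}      # constructed
    check = lambda acct, pw: hmac.compare_digest(secrets.get(acct, ""), pw)
    for target in ("bob@example.org", "bob@example.com"):
        data = target.encode() + b"\0constructed-pw\0ts\0"
        print(target, decide({"MASTER_USER": "ops@example.net"}, data, policy, check))
```

A real checkpassword script would read the request from file descriptor 3 and, on OK, execute the reply program passed as its first argument instead of returning.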