[Dovecot] NULL for password and proxy fields
In the course of experimenting with getting dovecot proxying to work, I took a guess at two things. These work fine for me, but now I'm wondering if they are "as designed" or just a lucky accident that might stop working in the future.
(I'm using dovecot 1.0.rc17, which is the included version in Ubuntu Feisty. (I am aware that some details change in v1.1, and I'm not worried about that right now.)
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
The wiki page says about password forwarding, "Make sure that the authentication succeeds with any given password. You can do this by using empty passwords." I didn't know exactly now to interpret that last part, so I tried returning NULL as the value of the "password" field for proxy cases. That seems to make dovecot skip the password check will forwarding the user-submitted password to the proxy target host. Is that the intent of that part of that wiki page?
It looks like any value at all for the "proxy" field in the passdb lookup turns proxying on. The one exception is a value of NULL for "proxy", in which case proxying is not turned on and proxy-related other fields are ignored. Is that how it's intended to work?
If someone can give and informend confirmation that this is as-designed, I can add some clarifying remarks on those points on the wiki page.
Thanks.
bill-dovecot@carpenter.ORG (WJCarpenter) PGP 0x91865119 38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3
On Sun, 2008-02-03 at 12:03 -0800, WJCarpenter wrote:
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
- The wiki page says about password forwarding, "Make sure that the authentication succeeds with any given password. You can do this by using empty passwords." I didn't know exactly now to interpret that last part, so I tried returning NULL as the value of the "password" field for proxy cases. That seems to make dovecot skip the password check will forwarding the user-submitted password to the proxy target host. Is that the intent of that part of that wiki page?
I think '' would work as well as NULL, but NULL is better.
- It looks like any value at all for the "proxy" field in the passdb lookup turns proxying on. The one exception is a value of NULL for "proxy", in which case proxying is not turned on and proxy-related other fields are ignored. Is that how it's intended to work?
Yes. It might change in some future release, but currently I'm not planning on changing it. 'Y' would anyway be a future-safe choice.
- It looks like any value at all for the "proxy" field in the passdb lookup turns proxying on. The one exception is a value of NULL for "proxy", in which case proxying is not turned on and proxy-related other fields are ignored. Is that how it's intended to work?
Yes. It might change in some future release, but currently I'm not planning on changing it. 'Y' would anyway be a future-safe choice.
Thanks for the information. I was actually asking about the other side of the coin ... is it safe to assume that "proxy=NULL" will disable the proxying, at least for the 1.0 series? (I saw the "proxy_maybe" for 1.1, which is also OK for me when I get to that release.)
On Mon, 2008-02-04 at 09:48 -0800, WJCarpenter wrote:
- It looks like any value at all for the "proxy" field in the passdb lookup turns proxying on. The one exception is a value of NULL for "proxy", in which case proxying is not turned on and proxy-related other fields are ignored. Is that how it's intended to work?
Yes. It might change in some future release, but currently I'm not planning on changing it. 'Y' would anyway be a future-safe choice.
Thanks for the information. I was actually asking about the other side of the coin ... is it safe to assume that "proxy=NULL" will disable the proxying, at least for the 1.0 series? (I saw the "proxy_maybe" for 1.1, which is also OK for me when I get to that release.)
Yes. It's even documented (somewhere) that NULL value means the same as if the field wasn't even selected by the query.
It's even documented (somewhere) that NULL value means the same as if the field wasn't even selected by the query.
Ah, so it is, on URL:http://wiki.dovecot.org/PasswordDatabase/ExtraFields Not sure how I missed that. Thanks.
also just as a note, when you go to 1.1 make sure to return nopassword='Y' if you return a NULL password or dovecot will complain and will fail auth.
On Feb 4, 2008 12:48 PM, WJCarpenter bill-dovecot@carpenter.org wrote:
- It looks like any value at all for the "proxy" field in the passdb lookup turns proxying on. The one exception is a value of NULL for "proxy", in which case proxying is not turned on and proxy-related other fields are ignored. Is that how it's intended to work?
Yes. It might change in some future release, but currently I'm not planning on changing it. 'Y' would anyway be a future-safe choice.
Thanks for the information. I was actually asking about the other side of the coin ... is it safe to assume that "proxy=NULL" will disable the proxying, at least for the 1.0 series? (I saw the "proxy_maybe" for 1.1, which is also OK for me when I get to that release.)
participants (4)
-
bill-dovecot@carpenter.ORG
-
Eric Hester
-
Timo Sirainen
-
WJCarpenter