[Dovecot] cutting everything after @
Hello,
I am migrating one server to dovecot. The only problem is, that users have logins with @domain as part of their user name. I want to use pam auth (for other reasons, if only for dovecot, I would use mysql, but I need the same password db to be used for other services, like samba).
Is there a way to allow this type of login? Just cut everything beginning with @. I can change the source code, but then I don't get nice automatic upgrades.
Or can this be done easily with PAM?
Thanks,
Juraj.
On Wednesday 27 Apr 2005 11:50 am, Juraj Bednar wrote:
Is there a way to allow this type of login? Just cut everything beginning with @. I can change the source code, but then I don't get nice automatic upgrades.
You can just specify this when creating the query for the dovecot mysql interface, it has a predefined pattern (%n) for username part of username@domain, which you can use in the query.
Debian dovecot package includes a dovecot-mysql.conf that explains this in sufficient detail for most purposes.
Strangely enough I've just been doing the exact opposite with Postfix and Postfix virtual users...
Or can this be done easily with PAM?
Can anything be done "easily" in PAM? ;)
Probably - I'd have no idea where to start.
Hello,
You can just specify this when creating the query for the dovecot mysql interface, it has a predefined pattern (%n) for username part of username@domain, which you can use in the query.
Debian dovecot package includes a dovecot-mysql.conf that explains this in sufficient detail for most purposes.
I said I would use mysql, if it was only for dovecot, but I use PAM and unix password database. I know how to do this with mysql, that's not a problem. I use unix password database now :(.
Juraj.
On 2005-04-27 14:06:11 +0200, Juraj Bednar wrote:
I said I would use mysql, if it was only for dovecot, but I use PAM and unix password database. I know how to do this with mysql, that's not a problem. I use unix password database now :(.
hmm why do you enforce the domain part in the login if you just want local users? if a user just logs in with "username", your problem would be solved. wouldnt it?
btw: postfix supports mysql, so does pam and many other services.
darix
-- irssi - the client of the smart and beautiful people
http://www.irssi.de/Hello,
hmm why do you enforce the domain part in the login if you just want local users? if a user just logs in with "username", your problem would be solved. wouldnt it?
I am migrating existing service. I have users, which have configured mail clients with logins in the form login@domain and I don't want to change >100 mail clients because of the server change.
btw: postfix supports mysql, so does pam and many other services.
I know, but again, I'm combining several working solutions together, so using mysql is just not acceptable. I'm using mysql passwd auth on other servers without problems, so I'm familiar with possibilities of mysql auth. :).
Juraj.
PAM "supports" mysql, but my experience with it hasn't been easy. The last version of pam_mysql released, 0.5, is over 2 years old. I found a mandrake src rpm of 0.4.7, and modified it for FC1 with 0.5, but I never had much success with it for multiple auth (I think I got it work once for ssh login, but that was the extent of my success). If anyone is interested in my src or rpm packages, they are available at http://www.noidea.us/easyfile/index.php?folder=5 for download.
Marcus Rueckert wrote:
On 2005-04-27 14:06:11 +0200, Juraj Bednar wrote:
I said I would use mysql, if it was only for dovecot, but I use PAM and unix password database. I know how to do this with mysql, that's not a problem. I use unix password database now :(.
hmm why do you enforce the domain part in the login if you just want local users? if a user just logs in with "username", your problem would be solved. wouldnt it?
btw: postfix supports mysql, so does pam and many other services.
darix
Libnss isn't bad if you want to avoid the PAM route but still have MySQL authentication with non-MySQL programs.
Rgeards Andrew
On Wednesday 27 April 2005 14:13, Robert Cooper wrote:
PAM "supports" mysql, but my experience with it hasn't been easy. The last version of pam_mysql released, 0.5, is over 2 years old. I found a mandrake src rpm of 0.4.7, and modified it for FC1 with 0.5, but I never had much success with it for multiple auth (I think I got it work once for ssh login, but that was the extent of my success). If anyone is interested in my src or rpm packages, they are available at http://www.noidea.us/easyfile/index.php?folder=5 for download.
Marcus Rueckert wrote:
On 2005-04-27 14:06:11 +0200, Juraj Bednar wrote:
I said I would use mysql, if it was only for dovecot, but I use PAM and unix password database. I know how to do this with mysql, that's not a problem. I use unix password database now :(.
hmm why do you enforce the domain part in the login if you just want local users? if a user just logs in with "username", your problem would be solved. wouldnt it?
btw: postfix supports mysql, so does pam and many other services.
darix
-- Andrew Hutchings (A-Wing) Linux Guru - Netserve Consultants Ltd. - www.domaincity.co.uk Admin - North Wales Linux User Group - www.nwlug.org.uk Proprietor - A-Wing Internet Services - www.a-wing.co.uk Random BOFH excuse: Netscape has crashed
On Wednesday 27 April 2005 11:50, Juraj Bednar wrote:
Hello,
I am migrating one server to dovecot. The only problem is, that users have logins with @domain as part of their user name. I want to use pam auth (for other reasons, if only for dovecot, I would use mysql, but I need the same password db to be used for other services, like samba).
Is there a way to allow this type of login? Just cut everything beginning with @. I can change the source code, but then I don't get nice automatic upgrades.
Or can this be done easily with PAM?
Thanks,
Juraj.
Would using passwd-file as your passwd database be acceptable? The authentication won't go via PAM, if that is what are looking for, but if you point passwd-file at a copy of the system passwd file you should be able to run an unmodified dovecot and use a single password for your services. Then just write a very short script to:
o filter out only the mail accounts from your master passwd, joe, bob, mary. o rewrite the entries into user@domain:password:::::etc format.
Then either run this every so often, or use the 'unix passwd sync' feature of samba to make sure it is synchronised when a user changes their password from Windows.
HTH,
Dominic GoodforBusiness.co.uk I.T. Services for SMEs in the UK.
participants (7)
-
Andrew Hutchings
-
Dominic Marks
-
Juraj Bednar
-
Juraj Bednar
-
Marcus Rueckert
-
Robert Cooper
-
Simon Waters