[Dovecot] optionnal arguments to ntlm_auth helper
Hello,
I'm setting up (at least I try) to set up network services with single sign on. I could build and configure dovecat to use samba's ntlm_auth helper to achieve ntlm authentication of imap users. The point is, I wanted to restrict which users could actually authenticate through ntlm. The ntlm_auth helper has this ability with the --require-membership-of=... command line parameter. I first tried (unsuccessfully) to add this parameter to the auth_winbind_helper_path token in dovecot.conf, and figured out by checking the source that this was not possible. I then decided to patch the source so that one can pass any argument to the ntlm_auth helper by specifying at new line in dovecot.conf with the token "auth_winbind_helper_args" (for instance, what I wanted to do is "auth_winbind_helper_args = --require-membership-of=... ")
Well, here comes the patch. It is to be used with recent 1.1.2 release.
Best regards
François
On Jul 25, 2008, at 7:22 AM, François LEGAL wrote:
I first tried (unsuccessfully) to add this parameter to the
auth_winbind_helper_path token in dovecot.conf, and figured out by
checking the source that this was not possible. I then decided to patch the source so that one can pass any argument
to the ntlm_auth helper by specifying at new line in dovecot.conf
with the token "auth_winbind_helper_args" (for instance, what I
wanted to do is "auth_winbind_helper_args = --require-membership- of=... ")
There are already too many settings, so do you think it would work ok
if auth_winbind_helper_path was instead modified to support arguments?
(could you send a patch for that too? :)
On Jul 25, 2008, at 7:22 AM, François LEGAL wrote:
I first tried (unsuccessfully) to add this parameter to the auth_winbind_helper_path token in dovecot.conf, and figured out by checking the source that this was not possible. I then decided to patch the source so that one can pass any argument to the ntlm_auth helper by specifying at new line in dovecot.conf with the token "auth_winbind_helper_args" (for instance, what I wanted to do is "auth_winbind_helper_args = --require-membership- of=... ")
There are already too many settings, so do you think it would work ok if auth_winbind_helper_path was instead modified to support arguments?
I guess it would
(could you send a patch for that too? :)
Let me work on that, I'll come back to the list with the patch.
François
--
participants (3)
-
devel@thom.fr.eu.org
-
François LEGAL
-
Timo Sirainen