[Dovecot] SASL using different auth database?
Hi folks. Is it possible to configure Dovecot to authenticate
against one mechanism (i.e., /etc/passwd) for POP/IMAP connections,
while providing a SASL authentication socket that satisfies
authentication requests against a different mechanism, say MySQL?
The goal here is to allow users to have different passwords for
SMTP authentication and POP/IMAP connections. I am converting an
existing installation to Dovecot...this installation currently has
quite a few users who are configured with SMTP authentication (Cyrus
SASL/saslauthdb) using different passwords than are configured for
their POP connections (via cucipop, /etc/passwd). If someone can
think of any better way to accomplish this goal, I'm all ears.
Thanks,
-Dave
-- Dave McGuire Port Charlotte, FL
On Thu, 2007-05-10 at 20:57 -0400, Dave McGuire wrote:
The goal here is to allow users to have different passwords for
SMTP authentication and POP/IMAP connections. I am converting an
existing installation to Dovecot...this installation currently has
quite a few users who are configured with SMTP authentication (Cyrus
SASL/saslauthdb) using different passwords than are configured for
their POP connections (via cucipop, /etc/passwd). If someone can
think of any better way to accomplish this goal, I'm all ears.
Currently you'd have to run two Dovecots to be able to do this. If you do that, set a different base_dir for them and that should be enough.
I'll try to make this work with one dovecot-auth for Dovecot v2.0.
Timo Sirainen wrote:
On Thu, 2007-05-10 at 20:57 -0400, Dave McGuire wrote:
The goal here is to allow users to have different passwords for
SMTP authentication and POP/IMAP connections. I am converting an
existing installation to Dovecot...this installation currently has
quite a few users who are configured with SMTP authentication (Cyrus
SASL/saslauthdb) using different passwords than are configured for
their POP connections (via cucipop, /etc/passwd). If someone can
think of any better way to accomplish this goal, I'm all ears.Currently you'd have to run two Dovecots to be able to do this. If you do that, set a different base_dir for them and that should be enough.
I'll try to make this work with one dovecot-auth for Dovecot v2.0.
If you can assign two IPs to the server, one for SMTP, and one for POP/IMAP, and you can use a SQL backend, you could craft your db schema and queries to pull the appropriate password based on the local IP of the connection. I know this isn't exactly what you were looking for, but I figured I would throw it out there anyway.
On Fri, 2007-05-11 at 11:39 -0400, Justin McAleer wrote:
If you can assign two IPs to the server, one for SMTP, and one for POP/IMAP, and you can use a SQL backend, you could craft your db schema and queries to pull the appropriate password based on the local IP of the connection. I know this isn't exactly what you were looking for, but I figured I would throw it out there anyway.
Probably an easier way to do that is to use %s which expands to smtp, imap or pop3.
Timo Sirainen wrote:
On Fri, 2007-05-11 at 11:39 -0400, Justin McAleer wrote:
If you can assign two IPs to the server, one for SMTP, and one for POP/IMAP, and you can use a SQL backend, you could craft your db schema and queries to pull the appropriate password based on the local IP of the connection. I know this isn't exactly what you were looking for, but I figured I would throw it out there anyway.
Probably an easier way to do that is to use %s which expands to smtp, imap or pop3.
Doh! I went the route I did because we will be using the local IP to support userid-only logins (many domains), so I was familiar with that variable. Indeed this is much better :)
On May 11, 2007, at 11:50 AM, Timo Sirainen wrote:
If you can assign two IPs to the server, one for SMTP, and one for POP/IMAP, and you can use a SQL backend, you could craft your db
schema and queries to pull the appropriate password based on the local IP of the connection. I know this isn't exactly what you were looking
for, but I figured I would throw it out there anyway.Probably an easier way to do that is to use %s which expands to smtp, imap or pop3.
That sounds like what I'd want to do. I will hit the
documentation for the specifics. Thanks to all who replied!
-Dave
-- Dave McGuire Port Charlotte, FL
participants (3)
-
Dave McGuire
-
Justin McAleer
-
Timo Sirainen