Re: System users lookup via PAM: strip the domain name?
Ok, I was half awake when I typed that 😀
Sent from my Sprint Samsung Galaxy S8+.
-------- Original message --------
From: Aki Tuomi aki.tuomi@dovecot.fi
Date: 7/13/17 6:19 AM (GMT-06:00)
To: Dovecot List dovecot@dovecot.org, Larry Rosenman larryrtx@gmail.com
Subject: Re: System users lookup via PAM: strip the domain name?
No it's intentionally %Ln to convert user1@domain into user1 for PAM.
Aki
On July 13, 2017 at 2:03 PM Larry Rosenman larryrtx@gmail.com wrote:
Is the %Ln on the 2nd passdb supposed to be a %Lu?
Sent from my Sprint Samsung Galaxy S8+.
-------- Original message --------
From: Aki Tuomi aki.tuomi@dovecot.fi
Date: 7/13/17 4:43 AM (GMT-06:00)
To: Dovecot List dovecot@dovecot.org, Larry Rosenman larryrtx@gmail.com
Subject: Re: System users lookup via PAM: strip the domain name?
No.
It's just a placeholder, like %u or %d.
Aki
On July 13, 2017 at 10:57 AM Larry Rosenman larryrtx@gmail.com wrote:
Will %{original_username} set %d as well?
Sent from my Sprint Samsung Galaxy S8+.
-------- Original message --------
From: Aki Tuomi aki.tuomi@dovecot.fi
Date: 7/13/17 12:34 AM (GMT-06:00)
To: Dovecot List dovecot@dovecot.org, Larry Rosenman larryrtx@gmail.com
Subject: Re: System users lookup via PAM: strip the domain name?
On July 13, 2017 at 4:27 AM Larry Rosenman larryrtx@gmail.com wrote:
I have a need for the following:
Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) withOUT @domain in /etc/passwd
Virtual Users in SQL (with full user@domain in the DB)
When I have auth_username_format = %Ln I can't auth the Virtual Users, and if I have auth_username_format = %Lu I can't auth System users.
Is there a compromise somewhere?
You could try using %{original_username} in SQL.
Or you can try removing the auth_username_format and instead
passdb {
  driver = sql
  args = ...
}
passdb {
  driver = static
  args = user=%Ln noauthenticate
  # you can remove next line if you want to always normalize your usernames
  skip = authenticated
}
passdb {
  driver = pam
  args = ...
  skip = authenticated
}
Aki
Bingo, that works well.
Might it be useful to document this on the Wiki?
(some of the constructs used aren't real clear there).
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
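The passdb chain suggested in this thread, modelled in Python as an added example (not code from the thread or from Dovecot). The account data is constructed, `strip_for_pam` is a hypothetical switch standing in for the static passdb, and the default format of `%Lu` when `auth_username_format` is removed is an assumption. The model also shows that the domain part is ignored for system users once `%Ln` is applied.

```python
import re

# Constructed sample accounts (not from the thread).
SQL_USERS = {"alice@example.org": "sqlpw"}   # virtual users, full user@domain
PAM_USERS = {"user1": "syspw"}               # system users, no @domain


def expand(fmt, username):
    """Expand %u (full name), %n (local part), %d (domain); 'L' lowercases."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def repl(match):
        value = values[match.group(2)]
        return value.lower() if match.group(1) else value

    return re.sub(r"%(L?)([und])", repl, fmt)


def authenticate(login, password, username_format="%Lu", strip_for_pam=True):
    """Return (passdb, username) for the passdb that accepted the login, else None.

    Models: sql -> static (user=%Ln noauthenticate) -> pam, where the last
    two carry skip = authenticated. strip_for_pam=False drops the static
    passdb to reproduce the original single-format setup.
    """
    user = expand(username_format, login)

    # passdb 1: sql sees the username with its domain intact.
    if SQL_USERS.get(user) == password:
        return ("sql", user)  # later passdbs are skipped (skip = authenticated)

    # passdb 2: static + noauthenticate only rewrites the username.
    if strip_for_pam:
        user = expand("%Ln", user)

    # passdb 3: pam sees the lowercased local part.
    if PAM_USERS.get(user) == password:
        return ("pam", user)
    return None


if __name__ == "__main__":
    for login, pw in [("alice@example.org", "sqlpw"),
                      ("User1@Example.org", "syspw"),
                      ("user1@other.test", "syspw")]:
        print(login, "->", authenticate(login, pw))
```
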