[Dovecot] Feature Request - Authentication Scheme - Linuxconf
This would make my life a lot easier in migrating to Dovecot. And it should be really easy to implement. Here's how linuxconf does it:
Password files are placed in the /etc/vmail directory as follows:
/etc/vmail/passwd.domain1
/etc/vmail/shadow.domain1
/etc/vmail/passwd.domain2
/etc/vmail/shadow.domain2
The password and shadow files are exactly the same format as the /etc/password and /etc/shadow files. The user name within the files would be the %n part of the email address passed to authenticate with.
Basically the password file names are /etc/vmail/passwd.%d with the user within the file being %n.
marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false
test:x:40001:12::/vhome/perkel.com/home/test:/bin/false
dd:x:40002:12:Atia:/vhome/perkel.com/home/dd:/bin/false
test2:x:40003:12::/vhome/perkel.com/home/test2:/bin/false
It also makes merging several servers with separate passwd/shadow files into one virtual system easy, because all you have to do is copy their existing passwd/shadow files into the /etc/vmail directory and rename them with the domain at the end.
So - wouldn't that be easy to add? Sure would make migrating easy for me.
-- Marc Perkel - marc@perkel.com
Spam Filter: http://www.junkemailfilter.com My Blog: http://marc.perkel.com
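The lookup that the layout in the post above implies, written in Python as an added example (not part of the original post, and not Dovecot or linuxconf code): split the login into %n and %d, open passwd.%d, and search it for %n. Because %d comes from the client's login string and ends up in a file name, the code first checks that it is a plain hostname; the function names and that validation rule are assumptions made for the example.

```python
import os
import re
import tempfile

# One hostname label: letters, digits, inner hyphens. No "/", no empty labels.
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(_LABEL + r"(\." + _LABEL + r")*")
_PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")


def split_login(login):
    """Split user@domain into (%n, %d); reject a %d unsafe as a file suffix."""
    user, sep, domain = login.rpartition("@")
    domain = domain.lower()
    if not sep or not user:
        raise ValueError("login must be user@domain")
    if len(domain) > 253 or not _DOMAIN_RE.fullmatch(domain):
        raise ValueError("domain is not a plain hostname")
    return user, domain


def lookup(login, vmail_dir="/etc/vmail"):
    """Return the passwd entry for login from <vmail_dir>/passwd.<%d>, or None."""
    user, domain = split_login(login)
    path = os.path.join(vmail_dir, "passwd." + domain)
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) == 7 and fields[0] == user:
                    return dict(zip(_PASSWD_FIELDS, fields))
    except FileNotFoundError:
        pass  # an unknown domain is treated like an unknown user
    return None


def demo():
    """Constructed sample: one per-domain file in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "passwd.perkel.com"), "w", encoding="utf-8") as fh:
            fh.write("marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false\n"
                     "test:x:40001:12::/vhome/perkel.com/home/test:/bin/false\n")
        return lookup("marc@perkel.com", d), lookup("marc@example.org", d)


if __name__ == "__main__":
    print(demo())
```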
On Saturday 16 July 2005 23:59, Marc Perkel wrote:
> This would make my life a lot easier in migrating to Dovecot. And it should be really easy to implement. Here's how linuxconf does it:
> Password files are placed in the /etc/vmail directory as follows:
> /etc/vmail/passwd.domain1
> /etc/vmail/shadow.domain1
> /etc/vmail/passwd.domain2
> /etc/vmail/shadow.domain2
> The password and shadow files are exactly the same format as the /etc/password and /etc/shadow files. The user name within the files would be the %n part of the email address passed to authenticate with.
> Basically the password file names are /etc/vmail/passwd.%d with the user within the file being %n.
> marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false
> test:x:40001:12::/vhome/perkel.com/home/test:/bin/false
> dd:x:40002:12:Atia:/vhome/perkel.com/home/dd:/bin/false
> test2:x:40003:12::/vhome/perkel.com/home/test2:/bin/false
> It also makes merging several servers with separate passwd/shadow files into one virtual system easy, because all you have to do is copy their existing passwd/shadow files into the /etc/vmail directory and rename them with the domain at the end.
> So - wouldn't that be easy to add? Sure would make migrating easy for me.
Not commenting on the idea, but:
From the Dovecot Wiki: http://wiki.dovecot.org/moin.cgi/Authentication
"Dovecot 1.0-tests support defining multiple password databases, so that if password doesn't match in the first database, it checks the next one. This can be useful if you want to easily support having both local system users in /etc/passwd but also virtual users..."
Using this you could implement what you describe, with one small exception that usernames would have to be renamed in your passwd files to their appropriate user@domain form. I think that it is good practice to name your users with the complete name in the passwd file.
Cheers,
Dominic Marks
Dominic Marks wrote:
> Not commenting on the idea, but:
> From the Dovecot Wiki: http://wiki.dovecot.org/moin.cgi/Authentication
> "Dovecot 1.0-tests support defining multiple password databases, so that if password doesn't match in the first database, it checks the next one. This can be useful if you want to easily support having both local system users in /etc/passwd but also virtual users..."
> Using this you could implement what you describe, with one small exception that usernames would have to be renamed in your passwd files to their appropriate user@domain form. I think that it is good practice to name your users with the complete name in the passwd file.
> Cheers,
Yes - I'm trying to avoid migration to a new format because I have an interface that manages the passwd/shadow method that I'm using now. I would have to run a conversion script once a minute if I changed it to something else. And I have about 200 of these virtual domain files.
It's actually a pretty good system and I believe it would be trivial to make Dovecot compatible with it. If I migrate I would have to merge these 200 files into one big file and that might be slow and ungle, unless I went to MySQL perhaps. I was experimenting with that and couldn't get it to work.
-- Marc Perkel - marc@perkel.com
Spam Filter: http://www.junkemailfilter.com My Blog: http://marc.perkel.com
On Sunday 17 July 2005 00:28, Marc Perkel wrote:
> Yes - I'm trying to avoid migration to a new format because I have an interface that manages the passwd/shadow method that I'm using now. I would have to run a conversion script once a minute if I changed it to something else. And I have about 200 of these virtual domain files.
I think the current method is more robust since it does not depend on the file name. I don't know anything about the interface you use, but could you not simply modify it to store the username as user@domain? That would be the only change you need to make.
I'm not trying to argue against your idea, just suggesting alternatives within the existing code base.
> It's actually a pretty good system and I believe it would be trivial to make Dovecot compatible with it. If I migrate I would have to merge these 200 files into one big file and that might be slow and
As the documentation says, you can define many passwd files, no need to merge them. As for being slow, maybe if you have tens of thousands of users in your passwd files. Otherwise, I doubt very much if you could measure the difference.
> ungle, unless I went to MySQL perhaps. I was experimenting with that and couldn't get it to work.
Unlikely to be worth the bother unless you have a very large number of users.
Cheers,
Dominic Marks
Not only would I have to change all the names but I would have to list 200 files to search. If this change were made I would only have to search the right file and that file is the same structure as a standard passwd file.
-- Marc Perkel - marc@perkel.com
Spam Filter: http://www.junkemailfilter.com My Blog: http://marc.perkel.com