Re: Question about password field in passwd-file
On Jul 7, 2018, at 2:12 AM, Aki Tuomi aki.tuomi@dovecot.fi wrote:
you can add nopassword attribute to the end. See https://wiki.dovecot.org/PasswordDatabase/ExtraFields
Aki Tuomi Dovecot oy
Hi Aki,
Thank you for your reply.
I have two questions regarding this:
Is the “nopassword” attribute the same as specifying a null password field by itself ? The documentation at [1] seems to suggest that having a null password AND specifying “nopassword” will allow someone to authenticate with _no_ password:
“nopasword: if you want to allow all passwords, use an empty password and this field.”
Farther down, the page seems to indicate that the “nologin” attribute is what I am looking for:
“nologin: User isn’t actually allowed to log in even if the password matches . . .”
Or possibly “noauthenticate”:
“noauthenticate: Do not perform any authentication . . ."
- Is “nologin” functionally equivalent to specifying no password in the password field ? I am assuming that setting a null password (even without “nologin”), prevents login with ANY or NO password as a blank field would default to a {CRYPT} scheme and a call to crypt() cannot return a null string.
As background to why I want to do this, I have a server with a basic Dovecot setup that provides SMTP SASL AUTH, IMAP and LMTP for Postfix. For the passdb and userdb, I use the same passwd-style file:
/etc/dovecot/dovecot.conf
userdb {
driver = passwd-file
args = /etc/dovecot/passwd
}
passdb {
driver = passwd-file
args = /etc/dovecot/passwd
}
I use usernames for SMTP SASL AUTH and IMAP that differ from either: user@example.com or user. So for one user, for example, I have:
/etc/dovecot/passwd
# SMTP SASL AUTH and IMAP user accounts and passwords
user_account_1:{PLAIN}password: . . .
# LMTP username/e-mail address
user@example.com:: . . . :/var/mail/vhosts/example.com/user_account_1
So in the LMTP entry I specify no password between the colons to prevent someone trying to logon via IMAP using the LMTP username/e-mail address. Is this correct and: is there a better way to do this ?
Thanks,
- J
Sources:
[1] https://wiki.dovecot.org/PasswordDatabase/ExtraFields
participants (1)
-
J Doe