[Dovecot] Authentication feature I need

Dominic Marks dom at goodforbusiness.co.uk
Sun Jul 17 18:00:10 EEST 2005


On Sunday 17 July 2005 15:40, Marc Perkel wrote:
> Actually maybe it's passwd-file I want? Docs are confusing.
>
> auth passwd {
>  userdb = passwd-file /etc/vmail/passwd.%d
>  passdb = passwd-file /etc/vmail/shadow.%d
> }

Yes. If the %d expansion happened at authentication time,
that would be correct.

You should (could) run the auth process as a non-root user as
a security enhancement since there is no need for root privs
with passwd-file authentication.

> Marc Perkel wrote:
> > OK - here's what I need to make it work for my Linuxconf compatible
> > authentication system. First - a question:
> >
> > Will this work? I can find docs on "virtualfile".
> >
> > auth virtualfile {
> >  mechanisms = plain digest-md5
> >  userdb = passwd-file /etc/vmail/passwd.%d
> >  passdb = passwd-file /etc/vmail/shadow.%d
> >  user = root
> > }
> >
> > Then - since the domain name selects the passwd file, if there were
> > a feature to make %n be the user instead of the whole email address
> > then I have what I need.
> >
> > Password files are placed in the /etc/vmail directory as follows:
> >
> > /etc/vmail/passwd.domain1
> > /etc/vmail/shadow.domain1
> > /etc/vmail/passwd.domain2
> > /etc/vmail/shadow.domain2
> >
> > The password and shadow files are exactly the same format as the
> > /etc/password and /etc/shadow files. The user name within the files
> > would be the %n part of the email address passed to authenticate
> > with.
> >
> > Basically the password file names are /etc/vmail/passwd.%d with the
> > user within the file being %n.
> >
> > marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false
> > test:x:40001:12::/vhome/perkel.com/home/test:/bin/false
> > dd:x:40002:12:Atia:/vhome/perkel.com/home/dd:/bin/false
> > test2:x:40003:12::/vhome/perkel.com/home/test2:/bin/false

-- 
Dominic Marks
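
Added example, not part of the original thread and not Dovecot's own code: a Python sketch of the lookup discussed above, where the domain (%d) selects passwd.%d and the local part (%n) is the user name inside it. The function names, the domain pattern and the temporary directory are assumptions; because %d ends up in a file path, the sketch validates it before use and needs no root privileges to run.

```python
import os
import re
import tempfile

# Assumed policy: dot-separated labels of letters, digits and hyphens only.
# This rejects "/", "..", empty labels and newlines before %d reaches a path.
_DOMAIN_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*")


def split_login(login):
    """Split 'user@domain' into (%n, %d); raise ValueError on unsafe input."""
    n, sep, d = login.partition("@")
    d = d.lower()
    if not sep or not n or ":" in n or "\n" in n or not _DOMAIN_RE.fullmatch(d):
        raise ValueError("unacceptable login: %r" % login)
    return n, d


def lookup_user(login, base_dir):
    """Return the passwd entry for %n from base_dir/passwd.%d, or None."""
    n, d = split_login(login)
    path = os.path.join(base_dir, "passwd." + d)
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                f = line.rstrip("\n").split(":")
                if len(f) == 7 and f[0] == n:  # /etc/passwd layout, 7 fields
                    return {"user": n, "uid": int(f[2]), "gid": int(f[3]), "home": f[5]}
    except FileNotFoundError:
        return None  # no file for this domain: treat as unknown user
    return None


def demo():
    """Query a constructed passwd.perkel.com written to a temporary directory."""
    sample = (  # constructed file, using two entries quoted in the thread
        "marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false\n"
        "test:x:40001:12::/vhome/perkel.com/home/test:/bin/false\n"
    )
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "passwd.perkel.com"), "w", encoding="utf-8") as fh:
            fh.write(sample)
        return lookup_user("marc@perkel.com", base), lookup_user("marc@example.org", base)


if __name__ == "__main__":
    print(demo())
```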


