[Dovecot] Very Complex Master Password Challenge
Marc Perkel
marc at perkel.com
Thu Apr 13 02:16:15 EEST 2006
This might require adding some new code to Dovecot to pull this off. But
it would be extremely powerful if I could get this to work. Here's the
situation.
Having a master password is great for helping users and doing tech
support. But - suppose I'm hosting many domains and I want to create
master passwords for each domain separately so that the owners of the
domain can log in as any user within that domain?
Here's the way I have things set up. I have a directory of passwd/shadow
pairs for each domain as follows:
/etc/vmail/passwd.domain1.com
/etc/vmail/shadow.domain1.com
/etc/vmail/passwd.domain2.com
/etc/vmail/shadow.domain2.com
Additionally I have a master domain used for management of the other
domains. The master domain is an email account for each domain under the
domain junkemailfilter.net.
domain1.com at junkemailfilter.net
domain2.com at junkemailfilter.net
The password and shadow files are like the others:
/etc/vmail/passwd.junkemailfilter.net
/etc/vmail/shadow.junkemailfilter.net
So - the idea is that the owners of the domain have access to the email
accounts on junkemailfilter.net and what I'm hoping to do is that they
can use this as the master password for their domain only. Example:
domain1.com at junkemailfilter.net
domain2.com at junkemailfilter.net
I suppose that the master password feature needs another new feature to
limit the scope of what it is allowed to be a master password for.
Something perhaps like:
passdb passwd-file {
  # Path for passwd-file
  args = /etc/vmail/shadow.junkemailfilter.net
  master = yes
  scope = *@%u
}
In the above example "%u" is the user part of the master password. So
that master user would be, for example,
"domain1.com at junkemailfilter.net" and it would be the master password
only for users of domain1.com and not domain2.com.
So - if you can follow this - then you will see that this would be a
really cool feature to have. And - I'm guessing that it might be easy to
implement.
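
The scope check proposed in the post, sketched as an added example (not part of the original message and not Dovecot code). It assumes the post's proposed `scope = *@%u` setting and glob-style matching; the function names are hypothetical. It also covers an edge case the proposal implies: a master login whose user part contains wildcard characters must not widen its own scope.

```python
import fnmatch
import re

MGMT_DOMAIN = "junkemailfilter.net"  # management domain named in the post


def _glob_escape(text):
    """Wrap glob metacharacters in brackets so they match only themselves."""
    return re.sub(r"([*?\[])", r"[\1]", text)


def split_addr(addr):
    """Return (local, domain) lowercased, or None unless exactly one '@'."""
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return local, domain


def master_may_login_as(master, target, scope="*@%u"):
    """Decide whether `master` may act as `target` under the proposed scope.

    `scope` is the post's proposed setting (an assumption, not a known
    Dovecot option); %u expands to the user part of the master login.
    """
    m = split_addr(master)
    t = split_addr(target)
    if m is None or t is None:
        return False
    m_local, m_domain = m
    # Only accounts in the management domain may act as scoped masters.
    if m_domain != MGMT_DOMAIN:
        return False
    # Escape the expansion: a master named "*" must not become "*@*".
    pattern = scope.lower().replace("%u", _glob_escape(m_local))
    return fnmatch.fnmatchcase("@".join(t), pattern)


if __name__ == "__main__":
    # Constructed sample logins for illustration.
    master = "domain1.com@junkemailfilter.net"
    for target in ("alice@domain1.com", "bob@domain2.com", "eve@sub.domain1.com"):
        print(master, "->", target, master_may_login_as(master, target))
```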