[Dovecot] GSSAPI and virtual Users?

Timo Sirainen tss at iki.fi
Sat Mar 25 12:24:48 EET 2006


On Wed, 2006-03-15 at 16:32 +0100, Jelmer Vernooij wrote:
> On Wed, Mar 15, 2006 at 04:23:05PM +0100, S. Thias wrote:
> > is there a possibility to map login-names to allowed
> > Kerberos-Principals? At the moment GSSAPI-authentication seems to work
> > only if loginname and kerberos-principal are the same, or am I missing
> > something?
> I'm afraid that at the moment, that's not (yet) possible. 

I added now a pass=yes option to passdbs. This allows doing the
conversion using eg.:

passdb passwd-file {
  args = /etc/imap.users
  pass = yes
}

Where the imap.users file would contain entries like:

imapuser:::::::user=realuser

Or it could be done with SQL, LDAP or whatever.

Now if only the GSSAPI code could somehow be told to do these passdb
lookups. :) Maybe it should do it always for pass=yes passdbs? I'm not
really sure..

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20060325/2a27de64/attachment.pgp


More information about the dovecot mailing list