[Dovecot] comment on dovecot documentation on PAM
president at irithm.com
president at irithm.com
Thu May 11 23:46:16 EEST 2006
Dear Dovecote devotees,
I have been going through dovecot configuration for the
first time. I am not an experienced systems administrator
so I had to do a left turn to read up about PAM while
doing all the configuration for my new webmail service.
I found that the writing in the dovecot documentation about
PAM to be rather misleading in at least one aspect.
The documentation I am specifically referring to is at
http://wiki.dovecot.org/Authentication?highlight=%28authentication%29
and in the comments found in the dovecot.conf file.
In this documentation PAM is referred to as a password database.
It appears that is not correct, rather PAM is something
that uses a password database.
Since the default for "auth_passdb" given in dovecot.conf was
"pam" I spent sometime trying to find a pam password database.
I eventually found out at an independent website that what pam
uses is either /etc/passwd or /etc/shadow or /etc/samba/smbpasswd.
It was a relief to find out pam uses one of these, since
my system has one of them (/etc/shadow), but I was looking to
find something quite different for pam since /etc/shadow is
one of the listed alternative values for "auth_passdb".
I would have been spared a somewhat lengthy search to find out
this information if the documentation was written rather more
clearly. So, to help others, I suggest changing the following
lines in dovecot.conf
# Where password database is kept:
# passwd: /etc/passwd or similiar, using getpwnam()
# shadow: /etc/shadow or similiar, using getspnam()
# pam [<service> | *]: PAM authentication
to:
# Where password database is kept:
# passwd: /etc/passwd or similiar, using getpwnam()
# shadow: /etc/shadow or similiar, using getspnam()
# pam [<service> | *]: /etc/shadow or similiar, using PAM
authentication
Updating the documentation in
http://wiki.dovecot.org/Authentication?highlight=%28authentication%29
to include a phrase that mentions that PAM authentication
works from one of the standard password databases (i.e. /etc/passwd,
/etc/shadow or /etc/samba/smbpasswd) would also be helpful.
yours sincerely,
Rolf
More information about the dovecot
mailing list