[Dovecot] User mapping via pam

Flannery, Andrew aflannery at ocad.ca
Wed Jun 27 20:53:54 EEST 2007


Hi,

I'm trying to change the PAM_USER within a pam module, and observed that
dovecot 0.99 does not support this. I then looked at 1.x and found:

 src/auth/passdb-pam.c:232:

        /* FIXME: this doesn't actually work since we're in the child
           process.. */
        status = pam_get_item(pamh, PAM_USER, (linux_const void **)&item);
        if (status != PAM_SUCCESS) {
                *error = t_strdup_printf("pam_get_item() failed: %s",
                                         pam_strerror(pamh, status));
                return status;
        }
        auth_request_set_field(request, "user", item, NULL);

However, it appeared to me that the auth process was passing this
username to the parent in its response.

Is this issue resolved? I compiled and tested mapping the username sso
to the user andrew:

Jun 27 13:38:45 itsrv dovecot: auth-worker(default): pam(sso,10.x.x.x): lookup service=imap
Jun 27 13:38:45 itsrv dovecot: auth(default): auth(sso,10.x.x.x): username changed sso -> andrew
Jun 27 13:38:45 itsrv dovecot: auth(default): client out: OK    1       user=andrew
Jun 27 13:50:57 itsrv dovecot: auth(default): master in: REQUEST        1       19761   1
Jun 27 13:50:57 itsrv dovecot: auth(default): passwd(andrew,10.x.x.x): lookup
Jun 27 13:50:57 itsrv dovecot: auth(default): master out: USER  1       andrew  system_user=andrew      uid=1001        gid=1001        home=/home/Andrew

Also, is this behavior dependent on me setting blocking=yes for "passdb
pam" in dovecot.conf? (For this test it was set.)

Thanks,

Andrew Flannery
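
Added example (not part of the original post and not Dovecot code): when a PAM module is allowed to rewrite the login name, the "username changed OLD -> NEW" debug line quoted above is the audit trail for that mapping. The sketch below extracts those lines and reports any mapping outside an expected set. It assumes the log format shown in the post; the ALLOWED table and the last sample line are constructed for illustration.

```python
import re

# Constructed sample log, modelled on the debug lines quoted in the post.
# The last line is an invented event used to exercise the allow-list check.
SAMPLE_LOG = """\
Jun 27 13:38:45 itsrv dovecot: auth-worker(default): pam(sso,10.x.x.x): lookup service=imap
Jun 27 13:38:45 itsrv dovecot: auth(default): auth(sso,10.x.x.x): username changed sso -> andrew
Jun 27 13:38:45 itsrv dovecot: auth(default): client out: OK\t1\tuser=andrew
Jun 27 14:02:10 itsrv dovecot: auth(default): auth(sso,10.x.x.x): username changed sso -> root
"""

# Hypothetical policy: which final usernames each login name may map to.
ALLOWED = {"sso": {"andrew"}}

# Matches only the auth process's "username changed OLD -> NEW" line.
CHANGE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot: auth\([^)]*\): "
    r"auth\((?P<login>[^,)]+),(?P<ip>[^)]*)\): "
    r"username changed (?P<old>\S+) -> (?P<new>\S+)\s*$"
)


def username_changes(log_text):
    """Return one dict (ts, login, ip, old, new) per username-change line."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := CHANGE_RE.match(line))]


def unexpected_changes(events, allowed):
    """Return the events whose new username is not allowed for the old one."""
    return [e for e in events if e["new"] not in allowed.get(e["old"], set())]


if __name__ == "__main__":
    events = username_changes(SAMPLE_LOG)
    for e in unexpected_changes(events, ALLOWED):
        print(f'{e["ts"]} {e["ip"]}: unexpected mapping {e["old"]} -> {e["new"]}')
```
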


