[Dovecot] configure dovecot to invoke pam_setcred() from the same process that accesses ~/Maildir?

Timo Sirainen tss at iki.fi
Tue Jun 30 18:00:57 EEST 2009


On Mon, 2009-06-29 at 13:32 -0700, Adam Megacz wrote:
> Hello.  I'm wondering how one would go about configuring dovecot to
> invoke pam_setcred() from the same process as (or a parent process of)
> the process which eventually reads the user's mail off the disk.

Not easily. PAM lookups are done by the dovecot-auth process, which is
completely different from the eventual imap/pop3 process.

> In particular, I'm trying to use dovecot with pam_krb5 (which
> associates a ticket cache to a specific pid) and pam_afs_session
> (which associates tokens to a specific process authentication group --
> roughly equivalent to a process and all its descendants).

Is it possible to authenticate first in one process and then do
pam_setcred() in another? Then you could create e.g. a mail_executable
wrapper or Dovecot plugin that calls pam_setcred() before dropping
privileges.
