[Dovecot] Kerberos/GSSAPI auth via .k5login file

Timo Sirainen tss at iki.fi
Fri Jan 4 01:59:49 EET 2013


On 31.12.2012, at 2.26, Ben Morrow <ben at morrow.me.uk> wrote:

> I've been wondering for a while about patching Dovecot to support its
> own krb5 ACL file under the Dovecot directory, not least because it
> would be useful to be able to give a principal IMAP access without
> necessarily giving it shell access, but it's not entirely
> straightforward since currently Dovecot verifies the Kerberos creds
> before it even tries to look up the user in the userdb.

I'm not entirely sure what it would need to do, but I'm pretty sure that code belongs to passdb. mech-gssapi.c already does a passdb lookup, and it could be moved to be done earlier if wanted.




More information about the dovecot mailing list