[Dovecot] doveadm auth and the "nologin" extra field

Axel Luttgens axel.luttgens at skynet.be
Fri Apr 18 07:54:01 UTC 2014


Hello,

Still busy with details...

Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not).

Let's consider a suspended user "some.user".

In the case of a successful authentication, one has:

	sh-3.2# doveadm auth test some.user goodpassword; echo $?
	passdb: some.user auth succeeded
	extra fields:
	  user=some.user
	  nologin
	0

On the other hand, in the case of an authentication failure:

	sh-3.2# doveadm auth test some.user badpassword; echo $?
	passdb: some.user auth failed
	extra fields:
	  user=some.user
	  nologin=!
	77

So, this is similar to what happens in a connection (pop3, imap...): when present, the nologin info is always taken into account, even in the case of an authentication failure.

Again, this may raise some concerns about the consistency of such a behavior.
Is this guaranteed to always behave that way, because of some rationale I'm currently missing, or does it go about some overlooked combination, liable to be inadvertently "corrected" in the future?
I haven't been able to find a definitive answer in the wiki or in the code about such matters.

This is particularly important in the case of doveadm, since its output requires parsing for extracting such informations (the exit code alone isn't sufficient); should above behavior be changed without notice, and a script could suddenly take the worst decisions...

BTW, why:
	  nologin
in the first output, and:
	  nologin=!
in the second output?


TIA,
Axel


More information about the dovecot mailing list