[Dovecot] %{orig_user} missing in checkpassword-Script
dovecot.pkoch at dfgh.net
Thu Mar 27 15:04:38 UTC 2014
Hi everybody,
I'm using SSL client certificates or checkpassword scripts to authenticate
our users. If a user sends a client certificate from his smartcard my
checkpassword will ignore the password, if he does not send a client
certificate but uses his OTP-token then my checkpassword script will check
whether the password is a correct one time password.
My problem is: the AUTH_USER variable will either contain the username that
was configured in the mailclient (if auth_ssl_username_from_cert=false) or
the username from the certificate (if auth_ssl_username_from_cert=true).
I would like to compare both values, i.e. the %{user} Dovecot-variable and
the %{orig_user} Dovecot-variable. But the environment of a
checkpassword-script has only one of them.
Any ideas?
I tried to change the source and found the routine where all the AUTH_xxx
environment variables are created. But the %{orig_user} variable was empty
at that point, so no AUTH_ORIG_USER variable is created.
I'm afraid that whenever the %{user}-Variable is replaced by the UID from
the client certificate (due to auth_ssl_username_from_cert=true), the
original value of %{user} is NOT copied into %{orig_user}.
Can someone more familiar with the dovecot source check this please or give
me a hint where to look further?
Kind regards
Peter Koch