Dovecot auth username mapping

Axel Luttgens axel.luttgens at skynet.be
Wed Jul 1 22:24:15 UTC 2015


> On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
> 
> I have an interesting case here …
> 
> Virtual mailboxes, domain/username/aliases stored in MySQL, authentication done using PAM.  PAM authenticates through Kerberos, which are internal realms and not the email domains — for example, my username would be laz at PARAVIS.LOCAL and my email address would be laz at paravis.net.
> 
> All of this works just fine.  But what I want to do is allow the users to log in using their email address and not their full Kerberos name.  It is becoming laborious to help the users understand the difference between their username at LOCAL.REALM and username at email.address and why we have to have two separate identities that mean the same thing.
> 
> I have the SQL statements to convert either the Kerberos login or the email address to the actual Kerberos login (so they may use either).  But I cannot seem to figure out how to get Dovecot to acknowledge this as the mapped username.
> 
> I’m sure there has to be a way.  Any help will be greatly appreciated.  Thank you!

Hello Laz,

I fear you’ll have to resort to CheckPassword (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.

Indeed, your MySQL database may contain everything needed to convert email addresses to kerb login (and vice-versa), but Dovecot’s PAM interface understandably just knows about a (login, password) pair, where the login is the one provided by the user wanting to log in.

That said, I hope to be wrong,
Axel
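
A sketch of the CheckPassword route suggested above, added here as an example and not code from either poster or from Dovecot. It assumes the checkpassword interface (credentials as NUL-separated fields on fd 3, the canonical name handed back in the `USER` environment variable, the reply program in `argv[1]`); the dictionary stands in for the SQL lookup and `verify` is a hypothetical hook for the real PAM/Kerberos check.

```python
import os
import sys

# Constructed stand-in for the SQL lookup (email address -> Kerberos login).
EMAIL_TO_PRINCIPAL = {"laz@paravis.net": "laz@PARAVIS.LOCAL"}
REALM = "PARAVIS.LOCAL"

def parse_request(blob: bytes):
    """Split the 'user NUL password NUL ...' input read from fd 3."""
    parts = blob.split(b"\0")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        raise ValueError("malformed checkpassword input")
    return parts[0].decode("utf-8"), parts[1].decode("utf-8")

def canonical_login(login: str):
    """Return the Kerberos login for either accepted form, or None."""
    local, sep, domain = login.partition("@")
    if not sep or not local or "@" in domain:
        return None  # bare names and user@a@b are rejected, never guessed at
    if domain == REALM:
        return login if login in EMAIL_TO_PRINCIPAL.values() else None
    return EMAIL_TO_PRINCIPAL.get(f"{local}@{domain.lower()}")

def handle(blob: bytes, verify):
    """Return (exit_code, env_updates); verify(principal, password) -> bool."""
    try:
        login, password = parse_request(blob)
    except (ValueError, UnicodeDecodeError):
        return 2, {}  # misuse
    principal = canonical_login(login)
    # Unknown login and wrong password give the same answer, so the
    # script does not reveal which addresses exist.
    if principal is None or not verify(principal, password):
        return 1, {}
    return 0, {"USER": principal}  # the mapped username

def main(argv):
    with os.fdopen(3, "rb") as fd3:
        blob = fd3.read(512)
    # Placeholder verifier: rejects everything until a real check is wired in.
    code, env = handle(blob, verify=lambda principal, password: False)
    if code != 0:
        return code
    os.environ.update(env)
    os.execv(argv[1], argv[1:])  # hand over to the reply program

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
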


