System users lookup via PAM: strip the domain name?

Aki Tuomi aki.tuomi at dovecot.fi
Thu Jul 13 08:34:31 EEST 2017


> On July 13, 2017 at 4:27 AM Larry Rosenman <larryrtx at gmail.com> wrote:
> 
> 
> I have a need for the following:
> 
> Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) withOUT @domain in /etc/passwd
> 
> Virtual Users in SQL (with full user@domain in the DB)
> 
>  
> 
> When I have auth_username_format = %Ln I can’t auth the Virtual Users, and if I have auth_username_format = %Lu I can’t auth System users. 
> 
>  
> 
> Is there a compromise somewhere?
> 
>

You could try using %{original_username} in SQL.

Or you can try removing the auth_username_format and instead

passdb {
  driver = sql
  args = ...
}
passdb {
  driver = static
  args = user=%Ln noauthenticate
  # you can remove next line if you want to always normalize your usernames
  skip = authenticated
}
passdb {
  driver = pam
  args = ...
  skip = authenticated
}

Aki

