System users lookup via PAM: strip the domain name?

Larry Rosenman larryrtx at gmail.com
Thu Jul 13 14:03:50 EEST 2017


Is the %Ln on the 2nd passdb supposed to be a %Lu?


Sent from my Sprint Samsung Galaxy S8+.
-------- Original message --------From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: 7/13/17  4:43 AM  (GMT-06:00) To: Dovecot List <dovecot at dovecot.org>, Larry Rosenman <larryrtx at gmail.com> Subject: Re: System users lookup via PAM: strip the domain name? 
No.

It's just a placeholder, like %u or %d.

Aki

> On July 13, 2017 at 10:57 AM Larry Rosenman <larryrtx at gmail.com> wrote:
> 
> 
> Will %{original_username} set %d as well?
> 
> 
> Sent from my Sprint Samsung Galaxy S8+.
> -------- Original message --------From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: 7/13/17  12:34 AM  (GMT-06:00) To: Dovecot List <dovecot at dovecot.org>, Larry Rosenman <larryrtx at gmail.com> Subject: Re: System users lookup via PAM: strip the domain name? 
> 
> > On July 13, 2017 at 4:27 AM Larry Rosenman <larryrtx at gmail.com> wrote:
> > 
> > 
> > I have a need for the following:
> > 
> > Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) wirhOUT @domain in /etc/passwd
> > 
> > Virtual Users in SQL (with full user at domain in the DB)
> > 
>> > 
> > When I have auth_username_format = %Ln I can’t auth the Virtual Users, and if I have auth_username_format = %Lu I can’t auth System users. 
> > 
>> > 
> > Is there a compromise somewhere?
> > 
> >
> 
> You could try using %{original_username} in SQL.
> 
> Or you can try removing the auth_username_format and instead
> 
> passdb {
>   driver = sql
>   args = ...
> }
> passdb {
>   driver = static
>   args = user=%Ln noauthenticate
> # you can remove next line if you want to always normalize your usernames
>   skip = authenticated
> }
> passdb {
>   driver = pam
>   args = ...
>   skip = authenticated
> }
> 
> Aki


More information about the dovecot mailing list