System users lookup via PAM: strip the domain name?

Larry Rosenman larryrtx at gmail.com
Thu Jul 13 16:16:56 EEST 2017


Bingo, that works well.

Might it be useful to document this on the Wiki?

(some of the constructs used aren’t real clear there).

-- 

Larry Rosenman                     http://www.lerctr.org/~ler

Phone: +1 214-642-9640                 E-Mail: larryrtx at gmail.com

US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

From: Larry Rosenman <larryrtx at gmail.com>
Date: Thursday, July 13, 2017 at 6:36 AM
To: Aki Tuomi <aki.tuomi at dovecot.fi>, Dovecot List <dovecot at dovecot.org>
Subject: Re: System users lookup via PAM: strip the domain name?

Ok, I was half awake when I typed that 😀

Sent from my Sprint Samsung Galaxy S8+.

-------- Original message --------
From: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 7/13/17 6:19 AM (GMT-06:00)
To: Dovecot List <dovecot at dovecot.org>, Larry Rosenman <larryrtx at gmail.com>
Subject: Re: System users lookup via PAM: strip the domain name?

No, it's intentionally %Ln to convert user1@domain into user1 for PAM.

Aki

> On July 13, 2017 at 2:03 PM Larry Rosenman <larryrtx at gmail.com> wrote:
> 
> 
> Is the %Ln on the 2nd passdb supposed to be a %Lu?
> 
> 
> Sent from my Sprint Samsung Galaxy S8+.
> -------- Original message --------
> From: Aki Tuomi <aki.tuomi at dovecot.fi>
> Date: 7/13/17 4:43 AM (GMT-06:00)
> To: Dovecot List <dovecot at dovecot.org>, Larry Rosenman <larryrtx at gmail.com>
> Subject: Re: System users lookup via PAM: strip the domain name?
>
> No.
> 
> It's just a placeholder, like %u or %d.
> 
> Aki
> 
> > On July 13, 2017 at 10:57 AM Larry Rosenman <larryrtx at gmail.com> wrote:
> > 
> > 
> > Will %{original_username} set %d as well?
> > 
> > 
> > Sent from my Sprint Samsung Galaxy S8+.
> > -------- Original message --------
> > From: Aki Tuomi <aki.tuomi at dovecot.fi>
> > Date: 7/13/17 12:34 AM (GMT-06:00)
> > To: Dovecot List <dovecot at dovecot.org>, Larry Rosenman <larryrtx at gmail.com>
> > Subject: Re: System users lookup via PAM: strip the domain name?
> > 
> > > On July 13, 2017 at 4:27 AM Larry Rosenman <larryrtx at gmail.com> wrote:
> > > 
> > > 
> > > I have a need for the following:
> > > 
> > > Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) withOUT @domain in /etc/passwd
> > > 
> > > Virtual Users in SQL (with full user@domain in the DB)
> > > 
> > > When I have auth_username_format = %Ln I can’t auth the Virtual Users, and if I have auth_username_format = %Lu I can’t auth System users.
> > > 
> > > Is there a compromise somewhere?
> > > 
> > >
> > 
> > You could try using %{original_username} in SQL.
> > 
> > Or you can try removing the auth_username_format and instead
> > 
> > passdb {
> >   driver = sql
> >   args = ...
> > }
> > passdb {
> >   driver = static
> >   args = user=%Ln noauthenticate
> > # you can remove next line if you want to always normalize your usernames
> >   skip = authenticated
> > }
> > passdb {
> >   driver = pam
> >   args = ...
> >   skip = authenticated
> > }
> > 
> > Aki
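
The passdb chain suggested in the thread, modelled in Python as an added example (not part of the original messages and not Dovecot code). The account tables and passwords are constructed, and the model assumes that with auth_username_format removed the default %Lu lowercases the whole login name.

```python
# Simplified model of the three-passdb chain quoted above; not Dovecot code.
# All accounts and passwords are constructed sample data.

SQL_USERS = {"alice@example.org": "sql-secret"}  # virtual users, full address
PAM_USERS = {"larry": "pam-secret"}              # system users, no @domain


def expand_Ln(username):
    """%Ln: lowercased user part, i.e. everything before the '@'."""
    return username.split("@", 1)[0].lower()


def authenticate(login, password):
    """Return (passdb_name, final_username) on success, None on failure."""
    # Assumption: auth_username_format is unset, so the default %Lu applies.
    user = login.lower()
    authenticated_by = None

    # passdb 1: driver = sql, sees the full lowercased user@domain.
    if SQL_USERS.get(user) == password:
        authenticated_by = "sql"

    # passdb 2: driver = static, args = user=%Ln noauthenticate,
    # skip = authenticated. It only rewrites the username; it never
    # checks a password, so the chain continues to the next passdb.
    if authenticated_by is None:
        user = expand_Ln(user)

    # passdb 3: driver = pam, skip = authenticated. It sees the bare
    # local part produced by the static passdb.
    if authenticated_by is None and PAM_USERS.get(user) == password:
        authenticated_by = "pam"

    return (authenticated_by, user) if authenticated_by else None


if __name__ == "__main__":
    for login, pw in [("alice@example.org", "sql-secret"),
                      ("Larry@example.org", "pam-secret"),
                      ("larry@other.example", "pam-secret"),
                      ("alice@example.org", "wrong")]:
        print(login, "->", authenticate(login, pw))
```

Because the domain is discarded before PAM, a login with any domain reaches the system account of the same local part, and a failed SQL login is retried against PAM under that local part. Keep that in mind when virtual and system account names can collide.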



