systemd-homed

Aki Tuomi aki.tuomi at open-xchange.com
Thu Jan 7 07:32:51 EET 2021


> On 07/01/2021 02:47 Yilin Wei <yilin at kebab-ca.se> wrote:
> 
> Hi,
> 
> I’ve been looking into a problem with a local dovecot setup with
> ~systemd-homed~ that uses PAM authentication. To give a brief overview,
> ~systemd-homed~ mounts the user’s home directory upon particular
> authentication calls (which is configurable through ~/etc/pam.d~).
> 
> Dovecot currently supports PAM authentication perfectly fine — the
> problem comes when a system has systemd-homed. This is because the
> session is created and deleted immediately afterwards [1].
> 
> This is a problem because if the server isn’t busy, systemd-homed can
> run its cleanup which causes the home directory to be unavailable once
> again [2].
> 
> To support this properly, ideally the whole of the imap/pop3/lda session needs
> to happen before the deletion of the session.
> 
> Does the imap session happen within a ~verify_plain~ [3] call? If not,
> are there any other authentication backends which currently need to keep
> a live token?
> 
> Yilin
> 
> [1] https://github.com/dovecot/core/blob/266e54b7b8c34c9a58dd60a2e53c5ca7d1deae19/src/auth/passdb-pam.c#L219
> [2] https://dovecot.org/pipermail/dovecot/2019-April/115559.html
> [3] https://github.com/dovecot/core/blob/266e54b7b8c34c9a58dd60a2e53c5ca7d1deae19/src/auth/passdb.h#L44

Hi!

IMAP session happens after authentication has taken place. For this to work correctly in this case, there would need to be a mail plugin that would actually open the pam session and then close it.

Aki

