Simplifying Support of Virtual and System Users
Sami Ketola
sami at ketola.io
Mon Mar 28 20:11:39 UTC 2022
> On 26. Mar 2022, at 19.32, Mark Olbert <Mark at arcabama.com> wrote:
>
> Apologies if this has already been raised here (which I suspect it has 😊). I tried to raise it as an issue over on github but issues are not enabled for the repository.
>
> The support for mixing virtual users, with fully-qualified email addresses, and system users could be simpler. Assuming it doesn’t mess up other stuff in the code base, of course 😊.
>
> The problem appears to be that the PAM passwd module requires just user names without a domain (which makes sense given that they’re system users) but does not, so far as I can see, support the username_format argument. In my setup, the default structure of 10-auth.conf demonstrates this:
>
> auth_username_format = %n
>
> That means all username arguments lack the domain part…which complicates using fully-qualified ones for virtual users. I realize I could assign arbitrary unique names to the virtual accounts in the lookup file. But that complicates administering the system, so I want to be able to include the domain for virtual users.
Change that. Use auth_username_format = %Lu (which is the default, not %n),
then for the PAM passdb use username_filter = !*@*
That will then skip all usernames that have @ included.
Dovecot 2.2.30 or later is required for that.
Sami
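
The setup described in the reply above, written out as a configuration sketch. This is an added example, not part of the original message or of the Dovecot distribution; the passwd-file location /etc/dovecot/users, its CRYPT scheme, and the choice of a passwd-file for the virtual users are assumptions.

```conf
# 10-auth.conf (added example; paths and the passwd-file backend are assumptions)

# Keep the full login name, lowercased. With %n the domain part would be
# stripped before any passdb sees it, so user@example.com and a system
# account named "user" would become the same lookup key.
auth_username_format = %Lu

# System users: PAM only sees logins without a domain part.
# username_filter needs Dovecot 2.2.30 or later; the leading "!" negates
# the pattern, so this passdb is skipped for any username containing "@".
passdb {
  driver = pam
  username_filter = !*@*
}

# Virtual users: looked up by their fully-qualified address.
# username_format=%u makes the file's first field match user@domain.
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
}

# Matching userdbs: system accounts from passwd, virtual ones from the file.
userdb {
  driver = passwd
}

userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}
```

Running `doveconf -n` after the change shows the effective passdb and userdb blocks, which confirms that the filter is attached to the PAM passdb and not to the virtual-user one.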