Simplifying Support of Virtual and System Users
Patrick Domack
patrickdk at patrickdk.com
Tue Mar 29 18:07:49 UTC 2022
I just use all virtual user accounts. these virtual users have a flag
that I set, if I want that account to be a system account, for things
such as ssh/shell/... usage.
But a single user registry makes things much simpler than having
several, and then attempting to integrate them into a single list, vs
separating a single list into several uses.
Quoting Mark Olbert <Mark at arcabama.com>:
> Apologies if this has already been raised here (which I suspect it
> has 😊). I tried to raise it as an issue over on github but issues
> are not enabled for the repository.
>
> The support for mixing virtual users, with fully-qualified email
> addresses, and system users could be simpler. Assuming it doesn’t
> mess up other stuff in the code base, of course 😊.
>
> The problem appears to be that the PAM passwd module requires just
> user names without a domain (which makes sense given that they’re
> system users) but does not, so far as I can see, support the
> username_format argument. In my setup, the default structure of
> 10-auth.conf demonstrates this:
>
> auth_username_format = %n
>
> That means all username arguments lack the domain part…which
> complicates using fully-qualified ones for virtual users. I realize
> I could assign arbitrary unique names to the virtual accounts in the
> lookup file. But that complicates administering the system, so I
> want to be able to include the domain for virtual users.
>
> After about five hair-pulling hours of wrestling with the
> configuration I stumbled across an answer utilizing
> conditionals<https://serverfault.com/questions/260488/dovecot-user-lookup-fails-when-using-usernamedomain-format> on ServerFault. It works
> fine.
>
> But being able to pass a username_format parameter to the PAM module
> (which I tried, but it was rejected) would be a lot simpler, and a
> lot more intuitive.
>
> - Mark
More information about the dovecot
mailing list