[Dovecot] Re: dovecot Digest, Vol 2, Issue 15

Thu Jun 19 17:26:34 EEST 2003

>
>Message: 2
>Date: Wed, 18 Jun 2003 13:21:08 +0200 (CEST)
>From: Andreas Aardal Hanssen <dovecot at andreas.hanssen.name>
>Subject: Re: [Dovecot] Multiple auth howto
>To: Dovecot mailing list <dovecot at procontrol.fi>
>Message-ID:
>	<Pine.LNX.4.44.0306181319060.29812-100000 at shusaku.troll.no>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>On Wed, 18 Jun 2003 ohp at pyrenet.fr wrote:
>>> Well, short answer: You can't. Put them all to one place (eg. pgsql),
>>> maybe using some automated scripts. I don't know if I should even
>>> consider about supporting fallbacking..
>>Hi Timo,  Thanks for your answer.
>>The reason I came to dovcot is that I thought it was possible. I've benn
>>researching this for weeks now. First thought that cyrus would do that, it
>>does but though SASL and pam whitch I don't have.
>>How difficult would it be to implement a fallback?
>
>Does this tool do what you want? (checkpassword only though, but I bet you
>will find checkpassword compatible authenticators that suit your needs):
>
>http://www.andreas.hanssen.name/software/multichkpwds.c
It surely is interesting bu I'd rather see modules inside the server,
see below
>
>--
>Andreas Aardal Hanssen
>
>
>
>------------------------------
>Message: 4
>Date: 18 Jun 2003 15:31:36 +0300
>From: Timo Sirainen <tss at iki.fi>
>Subject: Re: [Dovecot] Multiple auth howto
>To: dovecot at procontrol.fi
>Message-ID: <1055939496.10262.163.camel at hurina>
>Content-Type: text/plain
>
>On Wed, 2003-06-18 at 14:05, ohp at pyrenet.fr wrote:
>> > Well, short answer: You can't. Put them all to one place (eg. pgsql),
>> > maybe using some automated scripts. I don't know if I should even
>> > consider about supporting fallbacking..
>> >
>> >
>> Hi Timo,  Thanks for your answer.
>> The reason I came to dovcot is that I thought it was possible. I've benn
>> researching this for weeks now. First thought that cyrus would do that, it
>> does but though SASL and pam whitch I don't have.
>>
>> How difficult would it be to implement a fallback?
>
>Not very. I'm mostly concerned about what happens if the user exists in
>both authenticators. I guess normally this shouldn't happen, but you
>can't really guarantee that and mistakes happen..
Yes mistakes happen. Why could'nt you (we?) do like proftpd that has a
parameter that give the order of authenticators first one wins.

That way you could even have the same user as a real and virtual account
with differents passwords
>
>If fallbacking happened only when user isn't found from first
>authenticator, that could work a bit more safely, but I'm not sure if I
>can know with PAM if check failed because user wasn't found or because
>password didn't match.
I don't know either. My idea is to get rid of PAM for that's although
fantastic on the paper is a Linux thing that I can't even compile here.

Regards

-- 
Olivier PRENANT         	Tel:	+33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou           +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                      +33-6-07-63-80-64 (GSM)
FRANCE                      Email: ohp at pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)