[Dovecot] Postfix SASL AUTH from Dovecot

Timo Sirainen tss at iki.fi
Sun May 30 04:54:08 EEST 2004


Again today got annoyed at Cyrus SASL. Upgrading it to a newer version had
broken PAM support. Trying to log in as "user@domain" resulted in it only
asking for "user" from PAM. Well, got it patched and working again, but
I'd rather not go through it all the time..

So I finally did what I had been thinking about for a year or so: change
Postfix to use dovecot-auth directly. This required cleaning up
dovecot-auth quite a lot, but it seems to be working now.

Actually I finally implemented support for initial SASL response as
well. POP3's AUTH command had required support for it, strange that
no-one ever complained about it not working.

If you want to try it, you need the very latest CVS version of Dovecot and
this patch for Postfix:

http://dovecot.org/patches/postfix-dovecot-auth.patch

dovecot-auth can be run on its own (configuration in environment
variables), or you can use the extra_sockets auth setting, which is a ':'
separated list of UNIX sockets to listen on. You'd probably want
to set it to /var/spool/postfix/etc/dovecot-auth, the location is
hardcoded to /etc/dovecot-auth in the patch for now (smtpd is chrooted).

The only real problem is that Dovecot creates the dovecot-auth socket
using 0660 root:root modes, so you have to manually chmod it to 0666 or
fix owner/group. I guess that needs some more thinking.. Probably each
socket should have separate settings for it, but how to do it easily in
configuration? ..

The patch also has a hardcoded dovecot path in Makefile.in, you'll need to
change that.
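
The socket-permission trade-off described in the message above (0660 versus 0666 versus fixing owner/group), as an added example that is not part of the original post or of Dovecot or Postfix code. The temporary socket, the client uid and the function names are constructed for illustration, and it assumes Linux, where connecting to a UNIX socket needs write permission on the socket file.

```python
import os
import socket
import stat
import tempfile

def who_can_connect(path, client_uid, client_gids):
    """Report whether one client (e.g. the smtpd user) can connect to a socket.

    Assumes Linux semantics: connect() on a UNIX socket needs write permission
    on the socket file, so only the write bits are examined.
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-connectable: every local user can reach the auth socket")
    if client_uid == 0:                      # root bypasses mode bits
        allowed = True
    elif client_uid == st.st_uid:
        allowed = bool(mode & stat.S_IWUSR)
    elif st.st_gid in client_gids:
        allowed = bool(mode & stat.S_IWGRP)
    else:
        allowed = bool(mode & stat.S_IWOTH)
    if not allowed:
        findings.append("client locked out: fix owner/group rather than widening the mode")
    return {"mode": oct(mode), "client_allowed": allowed, "findings": findings}

def demo():
    """Constructed sample: a throwaway socket standing in for dovecot-auth."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "dovecot-auth")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            st = os.stat(path)
            client_uid = st.st_uid + 1       # hypothetical smtpd uid, never 0 or owner
            for mode in (0o660, 0o666):
                os.chmod(path, mode)
                results[(mode, "other group")] = who_can_connect(path, client_uid, set())
                results[(mode, "socket group")] = who_can_connect(path, client_uid, {st.st_gid})
    return results

if __name__ == "__main__":
    for (mode, case), report in demo().items():
        print(oct(mode), case, report)
```

Of the four cases, only 0660 with the client in the socket's group lets the client connect without also opening the socket to every local user.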
