[Dovecot] New userdb backend for checkpassword like programs
wilde at intevation.de
Mon Oct 20 19:08:04 EEST 2008
Timo Sirainen <tss at iki.fi> writes:
> On Mon, 2008-10-20 at 17:26 +0200, Sascha Wilde wrote:
>> Currently the code handles only two cases: success and (any kind of)
>> error. The passdb-checkpassword stuff seems not to handle "user
>> doesn't exist" in any special way, so I don't see why the userdb
>> backend should.
> The difference is that userdb lookups need to know if the user exists or
> if the error is only temporary. That determines if deliver returns
> EX_TEMPFAIL or EX_NOUSER.
Ah, I see. I'll implement it accordingly.
>> > - a valid userdb checkpassword script shouldn't be a valid passdb
>> > checkpassword script to avoid accidents. I guess this could be done by
>> I don't agree here. I think it would be ok to have only one
>> checkpassword executable to handle both cases.
> Yes, but a checkpassword script written to handle *only* userdb lookups
> shouldn't be a valid passdb script.
Ok, we can agree on that. But I think it would be sufficient to say
that such an userdb only checkpassword script MUST fail if AUTHORIZED is
>> > 1) Require userdb scripts to set USERDB environment.
>> > 2) checkpassword-reply checks if USERDB environment is set. If it is,
>> > return exit code 2 instead of 0.
>> > 3) userdb-checkpassword.c's success exit code is 2. exit code 0 would
>> > produce failure.
>> > Hmm. Or perhaps instead of USERDB change the AUTHORIZED environment's
>> > value to something else.
>> 1) I fully agree that it is a very good idea that, if AUTHORIZED is set
>> checkpassword-reply should return something != 0 at success and
>> userdb-checkpassword should expect this very value.
>> I'll implement that.
>> 2) I don't understand why the checkpassword program should change the
>> environment in any way.
> The idea was that if there's a checkpassword script that handles only
> userdb lookups and it's tried to be used as passdb checkpassword, it
> would fail because checkpassword-reply sees AUTHORIZED=2 environment,
> which would cause it to return 2 which would cause passdb checkpassword
> to fail the authentication.
I understand the idea now, but see above: we need the (userdb only)
checkpassword script to follow our rules anyway, so instead of doing
magic to the environment and checking for this in checkpassword-reply it
should be sufficient for the script to fail if AUTHORIZED wasn't set.
Or am I missing something?
Sascha Wilde OpenPGP key: 4BB86568
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 188 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20081020/0dde29a9/attachment.bin
More information about the dovecot