[Dovecot] New userdb backend for checkpassword like programs
Timo Sirainen
tss at iki.fi
Fri Oct 17 20:25:54 EEST 2008
On Fri, 2008-10-17 at 19:04 +0200, Sascha Wilde wrote:
> The back end needs a special checkpassword program which follows the
> qmail semantics but additionally provides the user data without password
> verification when the environment variable AUTHORIZED is set.[1]
>
> I have done some code cleanup (mainly factoring out common code of the
> passdb and userdb back ends) and you can find the current version,
> alongside with our acl-plugin enhancements, here:
>
> http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/
>
> Timo, what would be needed to get the new back end upstream?

Some small things:

 - rename checkpassword-common.c to db-checkpassword.c so it's
   consistent with others.

 - userdb checkpassword is a new dovecot-specific extension, so you can
   drop all vpopmail etc. exit code handlers. Just 3 needed: success, user
   doesn't exist and internal error (also being the default).

 - a valid userdb checkpassword script shouldn't be a valid passdb
   checkpassword script to avoid accidents. I guess this could be done by

   1) Require userdb scripts to set USERDB environment.

   2) checkpassword-reply checks if USERDB environment is set. If it is,
      return exit code 2 instead of 0.

   3) userdb-checkpassword.c's success exit code is 2. exit code 0 would
      produce failure.

Hmm. Or perhaps instead of USERDB change the AUTHORIZED environment's
value to something else.
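
The exit-code interlock proposed in steps 1) to 3) above, modeled as shell functions. This is an added example, not part of the original message and not Dovecot code: the function names, sample users and password, and exit code 1 for a missing user are assumptions, and function arguments stand in for the real checkpassword input channel.

```shell
#!/bin/sh
# Added illustration of the proposed USERDB / exit-code-2 interlock.
# Hypothetical names throughout; sample users and password are constructed.

# Stand-in for checkpassword-reply (step 2): exit 2 if USERDB is set, else 0.
reply_helper() {
    if [ -n "${USERDB:-}" ]; then return 2; fi
    return 0
}

# passdb-style script: verifies the password before replying.
passdb_script() {   # $1 = user, $2 = password
    [ "$1" = "alice" ] && [ "$2" = "correct-horse" ] || return 1
    ( unset USERDB; reply_helper )
}

# userdb-style script: looks the user up WITHOUT checking any password,
# and sets USERDB as step 1 requires.
userdb_script() {   # $1 = user; a password argument, if any, is ignored
    case "$1" in
        alice|bob) ( USERDB=1; export USERDB; reply_helper ) ;;
        *) return 1 ;;   # assumed code for "user doesn't exist"
    esac
}

# passdb caller: only exit code 0 means the password was accepted.
passdb_verdict() {  # $1 = script, $2 = user, $3 = password
    rc=0
    "$1" "$2" "$3" || rc=$?
    case "$rc" in
        0) echo "auth-ok" ;;
        1) echo "auth-failed" ;;
        *) echo "internal-error" ;;   # includes 2: a userdb script wired in as passdb
    esac
}

# userdb caller (step 3): only exit code 2 is success, 0 is a failure.
userdb_verdict() {  # $1 = script, $2 = user
    rc=0
    "$1" "$2" || rc=$?
    case "$rc" in
        2) echo "user-found" ;;
        1) echo "user-unknown" ;;
        *) echo "internal-error" ;;   # default, includes 0
    esac
}

echo "passdb <- passdb script, good password:  $(passdb_verdict passdb_script alice correct-horse)"
echo "passdb <- userdb script, wrong password: $(passdb_verdict userdb_script alice wrong)"
echo "userdb <- userdb script:                 $(userdb_verdict userdb_script alice)"
```

Without the interlock, the second call would report success for any password, because the userdb script never verifies one.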