[Dovecot] New userdb backend for checkpassword like programs

Sascha Wilde wilde at intevation.de
Mon Oct 20 18:26:04 EEST 2008


Timo Sirainen <tss at iki.fi> writes:
> On Fri, 2008-10-17 at 19:04 +0200, Sascha Wilde wrote:
>> http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/
>> 
>> Timo, what would be needed to get the new back end upstream?
>
> Some small things:
>
>  - rename checkpassword-common.c to db-checkpassword.c so it's
> consistent with others.

[x] done

>  - userdb checkpassword is a new dovecot-specific extension, so you can
> drop all vpopmail etc. exit code handlers. Just 3 needed: success, user
> doesn't exist and internal error (also being the default).

[x] done

    Currently the code handles only two cases: success and (any kind of)
    error.  The passdb-checkpassword stuff seems not to handle "user
    doesn't exist" in any special way, so I don't see why the userdb
    backend should.

>  - a valid userdb checkpassword script shouldn't be a valid passdb
> checkpassword script to avoid accidents. I guess this could be done by

I don't agree here.  I think it would be ok to have only one
checkpassword executable to handle both cases.

> 1) Require userdb scripts to set USERDB environment.
>
> 2) checkpassword-reply checks if USERDB environment is set. If it is,
> return exit code 2 instead of 0.
>
> 3) userdb-checkpassword.c's success exit code is 2. exit code 0 would
> produce failure.
>
> Hmm. Or perhaps instead of USERDB change the AUTHORIZED environment's
> value to something else.

1) I fully agree that it is a very good idea that, if AUTHORIZED is set
   checkpassword-reply should return something != 0 at success and
   userdb-checkpassword should expect this very value.

   I'll implement that.

2) I don't understand why the checkpassword program[0] should change the
   environment in any way.

cheers
sascha

[0] I guess that's what you mean by "userdb scripts"
-- 
Sascha Wilde                                          OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/                  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20081020/d22ebcdb/attachment.bin 


More information about the dovecot mailing list