[Dovecot] Master user creds for proxy stored statically/locally?

Dennis Guhl dg at dguhl.org
Wed Mar 16 14:00:41 EET 2011


Sorry for not coming back to you earlier than this.

On Sun, Mar 13, 2011 at 10:35:57PM -0400, Edward Carraro wrote:
> Thanks for the reply Dennis

dnf

> On Sun, Mar 13, 2011 at 7:19 PM, Dennis Guhl <dg at dguhl.org> wrote:
> 
> >
> > You should not save the master users credentials with the mail user
> > credentials. Instead you should use a dedicated userdb and passdb.
> >
> > For further reference have a look at
> > http://wiki2.dovecot.org/Authentication/MasterUsers.
> 
> I created the htpasswd file on the destination server already. Does it also
> need to be done on the proxy?

What do you mean here? Did you create a file like passwd.masterusers
with Apache's htpasswd(1) according to the wiki?

What is your configuration for the master user on the proxy
destination?

> > I don't understand your question. You can either forward plaintext
> > credentials to your backend or authenticate on your proxy and go with
> > the proxy's master user to your backend
> > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy).
> >
> > Dennis
> >
> 
> I'm trying to authenticate on the proxy and use the master user to connect
> to the backend, just not sure how that's done.

This makes it a little tricky for me to help you. Since I use dovecot
1.2 with password forwarding and MySQL instead of LDAP I am unable to
verify or test my suggestions.

> The link for ExtraFields says I need to return: master=s and pass=s
> 
> How do I state the user/pass for the master?
> 
> I've compiled my proxy with ldap support and created the same master user on
> the proxy that exists on the destination server.
> 
> I can telnet on the proxy still, but now it's just creating user home
> directories on the proxy, and not going to the backend at all.
> 
> My proxy config
> 
> # 2.0.11: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 2.6.26-2-openvz-amd64 i686 Debian 5.0.8

[..]

> auth_master_user_separator = *

[..]

> passdb {
>   args = /usr/local/etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
>   pass = yes
> }

You need both of these on your backend.

> passdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }

[..]

> userdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }

In your /usr/local/etc/dovecot/dovecot-ldap.conf.ext you need to query
for the user's username and password as always. In conjunction with this
you query for the additional fields or give back the static values.

This could be something like this:
 pass_attrs=uid=user, userPassword=password, =proxy=y, hostName=host, =master=your_master_username, =pass=your_master_users_password

Dennis
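
Added example, not part of the original message or of Dovecot: with the pass_attrs line suggested above, the backend master password sits in plaintext in the proxy's LDAP config file, so this sketch parses that syntax and reports inline master credentials together with loose file permissions. The function names are hypothetical, the sample file is constructed from the line in the message, and root-only access (mode 0600) is an assumed target.

```python
import os
import stat
import tempfile

# Constructed sample: the pass_attrs line suggested in the message above.
SAMPLE = ("pass_attrs=uid=user, userPassword=password, =proxy=y, hostName=host, "
          "=master=your_master_username, =pass=your_master_users_password\n")

def parse_pass_attrs(value):
    """Split pass_attrs into ({ldap_attr: field}, {static_field: value})."""
    mapped, static = {}, {}
    for entry in (e.strip() for e in value.split(",")):
        if entry.startswith("="):            # =field=value -> static value
            field, _, val = entry[1:].partition("=")
            static[field.strip()] = val.strip()
        elif entry:                          # ldapAttr=field -> LDAP lookup
            attr, _, field = entry.partition("=")
            mapped[attr.strip()] = field.strip()
    return mapped, static

def audit_ldap_conf(path):
    """Report static master credentials and loose permissions on the file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if not sep or key.strip() != "pass_attrs":
                continue
            _, static = parse_pass_attrs(value)
            if "master" in static and "pass" in static:
                # Report the master user name only, never the password itself.
                findings.append("static master user '%s' with inline password" % static["master"])
                # Assumption: the target is root-only access (mode 0600).
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append("mode %04o exposes the master password to group/other" % mode)
    return findings

def demo(mode):
    """Write SAMPLE to a temp file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "dovecot-ldap.conf.ext")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_ldap_conf(path)

if __name__ == "__main__":
    for m in (0o644, 0o600):
        print(oct(m), demo(m))
```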

