[Dovecot] How to grant a kerberos ticket after successful imap authentication from dovecot
André Rodier
andre.rodier at red2.co.uk
Thu Mar 31 17:54:35 EEST 2011
On 31/03/2011 15:37, Timo Sirainen wrote:
> On 31.3.2011, at 17.32, André Rodier wrote:
>
>> Thanks, Timo.
>>
>> So, other questions:
>>
>> * Can I use a post login script to try to initialise the kerberos
>> ticket ?
>
> With v1.x yes, with v2.x no (because in v2.x it's again in a separate process to allow support for multiple clients per process).
>
>> * Can I write a dovecot plugin in C/C++ to do that, and in this case ?
>
> Yes.
>
>> * If I use a plugin or a script, do I have access to the username /
>> password ?
>
> Username yes, password no. I guess you could modify Dovecot code so PAM code saves the password and passes it to mail process.
>
>> * If I use a plugin, where can I found a skeleton ?
>
> v1.x or v2.x? v1.x is really simple, v2.x needs more work.
>
> How are mails delivered then anyway? Doesn't that process also need some kerberos ticket?
Hello Timo,
You were right. Since I have switched to MFSv4/Kerberos, I started by
testing the mail access before the delivery.
Testing just now the dovecot deliver script fail as well...
I probably have to use another method to obtain the ticket.
I can also try to use a virtual user for the whole mail storage...
If I found a solution, I'll post it on this list.
I use dovecot 1.2, included by default on Debian squeeze.
Kind regards.
André Rodier.
More information about the dovecot
mailing list