[Dovecot] How to grant a kerberos ticket after successful imap authentication from dovecot

André Rodier andre.rodier at red2.co.uk
Thu Mar 31 17:54:35 EEST 2011

On 31/03/2011 15:37, Timo Sirainen wrote:
> On 31.3.2011, at 17.32, André Rodier wrote:
>> Thanks, Timo.
>> So, other questions:
>>    * Can I use a post login script to try to initialise the kerberos
>>      ticket ?
> With v1.x yes, with v2.x no (because in v2.x it's again in a separate process to allow support for multiple clients per process).
>>    * Can I write a dovecot plugin in C/C++ to do that, and in this case ?
> Yes.
>>    * If I use a plugin or a script, do I have access to the username /
>>      password ?
> Username yes, password no. I guess you could modify Dovecot code so PAM code saves the password and passes it to mail process.
>>    * If I use a plugin, where can I found a skeleton ?
> v1.x or v2.x? v1.x is really simple, v2.x needs more work.
> How are mails delivered then anyway? Doesn't that process also need some kerberos ticket?

Hello Timo,

You were right. Since I have switched to MFSv4/Kerberos, I started by 
testing the mail access before the delivery.

Testing just now the dovecot deliver script fail as well...
I probably have to use another method to obtain the ticket.

I can also try to use a virtual user for the whole mail storage...
If I found a solution, I'll post it on this list.

I use dovecot 1.2, included by default on Debian squeeze.

Kind regards.
André Rodier.

More information about the dovecot mailing list