forgot to reply all.
---------- Forwarded message ---------
From: Larry Rosenman <larryrtx@gmail.com>
Date: Mon, Apr 15, 2019 at 5:58 AM
Subject: Re: SOLR/Index?
To: John Fawcett <john@voipsupport.it>
the local users (myself, my wife, a friend) can authenticate EITHER as <username> or <username>@lerctr.org.
switching to all virtual users is NOT going to happen.
If I login to roundcube with <user>@lerctr.org it finds the autoindexed mail.
So, if I make everyone always authenticate as <user>@lerctr.org we should be fine.
and change my script to do doveadm -u <user>@<domain> instead of depending on the local user running the cron job.
question: Is there some way to have dovecot change what it sees to be <user>@lerctr.org when they login as <user>?
On Mon, Apr 15, 2019 at 5:54 AM John Fawcett via dovecot < dovecot@dovecot.org> wrote:
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
On 2019/04/15 06:59, Larry Rosenman via dovecot wrote:
FWIW, when I switched all users to be virtual to let the handful of people who had been logging in as <username> not have to switch to <username>@example.com I created a second passdb entry which points to different sql.conf file which automatically appends this specific domain, thereby letting them type in <username> but getting logged in as <username>@example.com so my dovecot logs always show <username>@example.com. Not sure if this helps you get around your issue.
.jh
These are REAL local users, authenticated via PAM....
On Mon, Apr 15, 2019 at 6:26 AM Johan Huldtgren via dovecot < dovecot@dovecot.org> wrote:
On 15/04/2019 12:59, Larry Rosenman via dovecot wrote:
Dovecot is very configurable, but it can also take some time, effort and testing to get the configuration you want. Personally I don't mix user types since it takes out an element of complexity.
For your case you might find it useful to look into auth_default_realm
that can specify a domain name when one is not supplied.
https://wiki2.dovecot.org/DomainLost
Other things that might be useful: there is a method for returning a "user" field from the userdb query or passdb query which will change the username. Or there is another setting that can override values of fields returned by the userdb.
https://wiki.dovecot.org/UserDatabase
Hope it helps!
John
Again, this doesn't help with doveadm running as the local user, and also doesn't help with the PAM authentication.
passdb {
  driver = pam
  #[session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=20]
  #[cache_key=<key>] [<service name>]
  args = failure_show_msg=yes session=yes max_requests=20
  skip = authenticated
}
How can I default the domain for PAM authentication? (I've set auth_default_realm and it doesn't help in this case).
# System users (NSS, /etc/passwd, or similar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  driver = passwd-file
  # [blocking=no]
  args = username_format=%Ln /etc/passwd
  #override_fields = user=%Ln /etc
  #name = %Ln
  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
  #skip = found
}
On Mon, Apr 15, 2019 at 6:31 AM John Fawcett via dovecot < dovecot@dovecot.org> wrote:
On 15/04/2019 13:43, Larry Rosenman via dovecot wrote:
Larry
I guess I don't understand enough about your setup or what is not now working.
My understanding was that everything is now working when logging in as user@domain, but that you would like to login as user and have dovecot treat that as though you had logged in as user@domain, but at this point I admit I may have misinterpreted your emails.
What's also not clear for me is the purpose in your setup of the three passdb methods (sql, static, and pam) and two userdb methods (sql and passwd-file). That's why I've pointed you to the docs and I'm hesitant to give specific advice that may leave you worse off. Others on the list may have more insights.
John
I have normal system users, some and some virtual domains (2 different flavors).
I have this job that runs from cron on my own userid to archive mail.
I want Dovecot to use my system password for mail authentication.
I, therefore, use PAM to authenticate system users.
Everything works great, modulo getting the auto-index to be visible using RoundCube (which if I log into roundcube using <user>@<domain> it does).
By default if I'm logged in as my normal OS user, default doveadm commands (as issued from the shell or from my archive script) use the user I'm logged in as *WITHOUT A DOMAIN*.
I want to default PAM auth'd users to append @lerctr.org (DOMAIN) to the OS user.
On Mon, Apr 15, 2019 at 7:34 AM John Fawcett via dovecot < dovecot@dovecot.org> wrote:
yes, either with or without the domain.
On Mon, Apr 15, 2019 at 9:33 AM John Fawcett via dovecot < dovecot@dovecot.org> wrote:
On 15/04/2019 16:34, Larry Rosenman via dovecot wrote:
So if all works fine when you specify user@domain in roundcube, but you want to be able to specify only username in roundcube and have roundcube login as user@domain, then one solution would be to configure roundcube to add a default domain to bare usernames. As far as I remember (it's a while since I used roundcube) it is one of the configuration options.
John
Aki (via private chat) told me about adding override_fields = domain=lerctr.org
to my PAM passdb, and /etc/passwd userdb.
This solves the problem nicely.
On Mon, Apr 15, 2019 at 2:30 PM Tanstaafl via dovecot <dovecot@dovecot.org> wrote:
participants (4)
- Johan Huldtgren
- John Fawcett
- Larry Rosenman
- Tanstaafl
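
The fix reported at the end of the thread, written out as an added example (not any participant's actual file): the PAM passdb and /etc/passwd userdb blocks posted earlier, each with the `override_fields = domain=lerctr.org` line. The `<user>` in the check commands is a placeholder.

```conf
# Added example assembled from the blocks quoted in this thread plus the
# override_fields line reported as the fix; not the poster's final config.

passdb {
  driver = pam
  args = failure_show_msg=yes session=yes max_requests=20
  skip = authenticated
  # Set the domain part for PAM-authenticated system users, so a login as
  # <user> and a login as <user>@lerctr.org end up as the same identity.
  override_fields = domain=lerctr.org
}

userdb {
  driver = passwd-file
  # %Ln = lowercased user part only, so the lookup in /etc/passwd still
  # matches the bare system account name.
  args = username_format=%Ln /etc/passwd
  # Same domain on the userdb side, so doveadm runs started by the local
  # user (cron, shell) use the same qualified name as mail logins.
  override_fields = domain=lerctr.org
}

# Checks after reloading the configuration (standard doveadm subcommands):
#   doveadm auth lookup <user>     # passdb result for a bare login name
#   doveadm user <user>            # userdb result, including the username
# Both should report the same <user>@lerctr.org identity; if they differ,
# indexes and logs are still split across two names for one mailbox.
```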