Using a separate passdb per service
Situation: one front-facing server running Dovecot as IMAP/POP3/ ManageSieve proxy, a mixture of IMAP servers (Dovecot, Exchange, ...) in the back-end. Dovecot's passdb does lookups against MySQL which contains a simple user/host mapping, the actual authentication happens on the back-end IMAP servers. The configuration is more or less as described here: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
Now I would like to add a Postfix instance on the front-facing server which listens on the submission port and authenticates users via SASL using the local Dovecot's UNIX socket. The idea being that a user only needs to remember one single hostname, one username and one password for all mail-related services.
The problem is that Dovecot is operating in proxy mode, which means that the password_query returns NULL as the password and explicitly returns a field "nopasswd" containing "Y". Thus, users can not authenticate against the UNIX socket.
What I think I want to do is convince Dovecot to use one passdb for the imap/pop3/managesieve services and different one for the "auth" service.
The configuration snippet below doesn't work, but it should illustrate what I want to achieve:
Example mysql-auth-sasl.conf.ext
Example mysql-auth-default.conf.ext:
Any pointers?
Gerry
I'm not sure if this would work, but possibly having two separate instances of dovecot with separate configs running may work for you.
http://wiki2.dovecot.org/RunningDovecot
On 08/07/15 11:04, Gerry wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 7 Aug 2015, Gerry wrote:
What I think I want to do is convince Dovecot to use one passdb for the imap/pop3/managesieve services and different one for the "auth" service.
As far as I know, all services use the "auth" in the back.
But you have the "%s" / service variable. You should be able to craft a SQL query, that returns NULL & nopasswd=Y, if postfix is not querying Dovecot.
I don't know, which service name postfix passes to Dovecot, though,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVchZsHz1H7kL/d9rAQIaLwf/WXnI9PMGuN042g7VzfDlZxbsVTvck55X DqPdy1P+YDtMCFpEbTxQG8m9EMfI82Zcd3rzqGbcaMbFqatG7TsucBg06S5j7XSX fs/jNX6DwAdmNIRzjrEU5a8M+Zpo6ifWohBO1IMax3sAs4Z9v+O/hEjX1wiKed24 nFA1QNFG/s2bjDUbf7WBYnU0MnFPeUmMJzy5sR+zFC9lWbaj+Y9b6ayMbdlhVvcz 8qu827/i+2McHlDiS3a2JmwuYTyGpPwfryIojjgTnYvxB1Ex4qsI/mfk8s2am6hY SIvi0Btdlb/ZUmxMy8WKj/hko4Mb+nxO6FBpMU8V8opTJHHUuLf0UA== =1Wip -----END PGP SIGNATURE-----
participants (3)
-
Edgar Pettijohn
-
Gerry
-
Steffen Kaiser