dovecot - Nov 2012 - Default fallback behaviour

Hello list,

Here is the problem:
I have few:
passdb {
#1
}
passdb {
#2
}
And relative userdb sections. If user not found in 1) section it fallbacks
to next one - it's expected and right, IMHO. But when the user exists in
both section and password verification fails on 1) database it successfully
authenticated on next one. I think this behaviour should be configured. The
main goal of 1) section for this server is to overwrite users in main
(section2) database.

Maybe I missed something and this option is already in dovecot code and I
can't find it ? Or if not - will it be added in the future ?

Dovecot version 2.1.10.

Il 23/11/2012 08:46, Nikita Koshikov ha scritto:
> Hello list,
>
> Here is the problem:
> I have few:
> passdb {
> #1
> }
> passdb {
> #2
> }
> And relative userdb sections. If user not found in 1) section it fallbacks
> to next one - it's expected and right, IMHO. But when the user exists
in
> both section and password verification fails on 1) database it successfully
> authenticated on next one. I think this behaviour should be configured. The
> main goal of 1) section for this server is to overwrite users in main
> (section2) database.
>
> Maybe I missed something and this option is already in dovecot code and I
> can't find it ? Or if not - will it be added in the future ?
>
> Dovecot version 2.1.10.
>
You can enable this features by adding "deny=yes" in the passdb 
extra_fields of specific users.

You can find more information here: 
http://wiki2.dovecot.org/AuthDatabase/PasswdFile ot you can use the 
"auth-deny.conf.ext" example configuration.

Ciao

-- 
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/
@ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it

On 23.11.2012, at 9.46, Nikita Koshikov wrote:
> Hello list,
> 
> Here is the problem:
> I have few:
> passdb {
> #1
> }
> passdb {
> #2
> }
> And relative userdb sections. If user not found in 1) section it fallbacks
> to next one - it's expected and right, IMHO. But when the user exists
in
> both section and password verification fails on 1) database it successfully
> authenticated on next one. I think this behaviour should be configured. The
> main goal of 1) section for this server is to overwrite users in main
> (section2) database.
It's not always possible to know why #1 failed. For example PAM doesn't
always tell if the password was wrong or if the user didn't exist.
> Maybe I missed something and this option is already in dovecot code and I
> can't find it ? Or if not - will it be added in the future ?

I'm not very interested in adding it, especially because it can't be
done reliably.