This might require adding some new code to Dovecot to pull this off. But
it would be extremely powerful if I could get this to work. Here's the
situation.
Having a master password is great for helping users and doing tech
support. But - suppose I'm hosting many domains and I want to create
master passwords for each domain separately so that the owners of the
domain can log in as any user within that domain?
Here's the way I have things set up. I have a directory of passwd/shadow
pairs for each domain as follows:
/etc/vmail/passwd.domain1.com
/etc/vmail/shadow.domain1.com
/etc/vmail/passwd.domain2.com
/etc/vmail/shadow.domain2.com
Additionally I have a master domain used for management of the other
domains. The master domain is an email account for each domain under the
domain junkemailfilter.net.
domain1.com at junkemailfilter.net
domain2.com at junkemailfilter.net
The password and shadow files are like the others:
/etc/vmail/passwd.junkemailfilter.net
/etc/vmail/shadow.junkemailfilter.net
So - the idea is that the owners of the domain have access to the email
accounts on junkemailfilter.net and what I'm hoping to do is that they
can use this as the master password for their domain only. Example:
domain1.com at junkemailfilter.net
domain2.com at junkemailfilter.net
I suppose that the master password feature needs another new feature to
limit the scope of what it is allowed to be a master password for.
Something perhaps like:
passdb passwd-file {
# Path for passwd-file
args = /etc/vmail/shadow.junkemailfilter.net
master = yes
scope = *@%u
}
In the above example "%u" is the user part of the master password. So
that that master user would be for example
"domain1.com at junkemailfilter.net" and it would be the master
password
only for users of domain1.com and not domain2.com.
So - if you can follow this - then you will see that this would be a
really cool feature to have. And - I'm guessing that it might be easy to
implement.
On Wed, 2006-04-12 at 16:16 -0700, Marc Perkel wrote:> Having a master password is great for helping users and doing tech > support. But - suppose I'm hosting many domains and I want to create > master passwords for each domain separately so that the owners of the > domain can log in as any user within that domain?How about if you used checkpassword as passdb? You can build your own script which checks the authentication databases and checks that the master user is valid. Dovecot gives the master user to checkpassword via MASTER_USER environment. As for a more complex solution, I don't think it'll happen until more people start bugging me about it, and even then not before v1.0 :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060421/727962d0/attachment.bin>