Trying to do a little (cosmetic) tweak to my configuration and just don't seem to be able to come up with a set of options that works. My POP/IMAP configuration is working just fine in terms of mail retrieval, etc. What I'm seeing in the logs now is...

Aug 13 18:15:17 test2 dovecot: pop3-login: Login: user=<support>, method=PLAIN, rip=10.11.12.12, lip=10.11.12.13

I would prefer (for ease of troubleshooting) to have "user=<support@realm.com>" appear in the logs instead, to save having to figure the realm from the IP value.

Have played around with various combinations of %u, %n and %d and all I seem to be able to accomplish is break the working part of the config. I'm sure the answer is probably something simple, or some combination I haven't tried... but it's certainly escaping me at the moment.

The relevant (I think) part of my config follows. The usernames in the mentioned passwd and shadow files are in the 'user' format (i.e. not 'user@realm').

--snip--
mail_location = mbox:/vhome/%l/home/%n/mail:INBOX=/var/spool/vmail/%l/%n
auth_username_format = %n
passdb passwd-file {
  args = /etc/vmail/shadow.%l
}
userdb passwd-file {
  args = /etc/vmail/passwd.%l
}
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
--snip--

Hints and suggestions appreciated!

Cheers,
>>>>> Mike <<<<<

On Mon, 2007-08-13 at 18:44 -0600, Mike Cisar wrote:
> auth_username_format = %n

This setting drops the domain part permanently.

> passdb passwd-file {
>   args = /etc/vmail/shadow.%l
> }
> userdb passwd-file {
>   args = /etc/vmail/passwd.%l
> }

Unfortunately you can't tell Dovecot to look up only username from these files without dropping the domain.. Perhaps it would be possible to set back the domain in these files though. You could try adding "user=user@domain" to extra fields in shadow. Or "userdb_user=user@domain" in passwd.

> > auth_username_format = %n
>
> This setting drops the domain part permanently.
>
> Unfortunately you can't tell Dovecot to look up only username from
> these files without dropping the domain..

Thanks Timo. What I don't understand is that given...

%u - username
%n - user part in user@domain, same as %u if there's no domain
%d - domain part in user@domain, empty if there's no domain

Even if the configuration requires using %n as the auth username... shouldn't the domain part still be available to me in %d (and likewise the full user@domain still in %u)? In my mind it doesn't make sense (though it may make perfect sense to you, knowing how the coding is done) that %u should be permanently stripped to match %n and %d is blanked...

If I know that I need to use %n to look up the authentication and somewhere else in the process I also needed to have just the username part, I would just use %n again. Obviously the %d part is valid at some point, since I can (though in my configuration I chose %l instead) use it to specify the correct path to the passdb and userdb. Since as it stands, in effect %u and %d have one value in some places and a different one in another.

I guess the easiest way of explaining what I mean is to say... is there any reason (programming-wise) that the value of %u can't always be left the full user@domain from the client request, %n always be just the username portion and %d always the domain portion... from the start of execution of the client request to the end? Treated as constants rather than modified partway through the execution? Whether we use %n in one spot doesn't seem to negate that we might want %u and %d for something somewhere else.

As I type, now that I think of it, I can see that having the value of %u change to represent the "username as used" as opposed to "username as submitted by client" could make sense. Maybe just %n and %d should/could be left constant?

I could easily build the "user@domain" that I want in the logfile entry with "%n@%d"... If I still had the domain in %d.

Cheers,
>>>>> Mike <<<<<

> > What about if %u were permanently changed... but %n and %d left with
> > the original values. It would seem that those people relying on the
> > behavior of %u being stripped would not likely be using nor caring
> > about the values of %n and %d since they are essentially discarding
> > them anyway? That way you have %u acting as the "authentication
> > username", and %n and %d containing the "username" and "domain" (as
> > sent by the client).
>
> Maybe, but it's still an incompatible change that could break existing
> installations. Also you're thinking only about the case when you want
> to drop the domain. auth_username_format can be used for a lot of other
> things as well. It gets confusing if %n and %d sometimes change, but
> sometimes don't.

True, I hadn't thought about that.

I'm not much of a C programmer especially in the scheme of something as complex as Dovecot... but if you could be so kind as to point me within a couple of metres of the location in the code where the changes to %n and %d get made by auth_username_format, I'll try to patch something myself locally on my servers to get the result I need for now and leave it up to you to decide if it's worthwhile adding additional variables at some point down the road to expose the original values.

Cheers,
>>>>> Mike <<<<<
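
A log-side way to meet the troubleshooting need from the first message without changing Dovecot, as an added example that is not part of the thread and not Dovecot code: a Python filter that rewrites user=<name> to user=<name@realm> in login lines by looking up the lip= value. The LIP_TO_REALM table, the second realm and the annotate() helper are assumptions made for illustration; only the first sample line is taken from the post.

```python
import re

# Constructed mapping of local (listener) IP to mail realm; adjust per site.
LIP_TO_REALM = {
    "10.11.12.13": "realm.com",
    "10.11.12.14": "example.org",
}

# Matches the user element of pop3-login / imap-login "Login:" lines.
USER_RE = re.compile(r"-login: Login: user=<([^>]*)>")
# Matches the lip= element written by login_log_format_elements (%l).
LIP_RE = re.compile(r"\blip=([0-9A-Fa-f:.]+)")


def annotate(line, realms=LIP_TO_REALM):
    """Return the line with user=<name> expanded to user=<name@realm>.

    The line is returned unchanged when it is not a login line, when the
    user already carries a domain, or when the lip is not in the table.
    """
    m = USER_RE.search(line)
    if not m:
        return line
    user = m.group(1)
    if not user or "@" in user:
        return line
    lip = LIP_RE.search(line, m.end())
    if not lip:
        return line
    realm = realms.get(lip.group(1))
    if realm is None:
        return line
    return line[:m.start(1)] + user + "@" + realm + line[m.end(1):]


# First line is the one quoted in the post; the others are constructed.
SAMPLE = [
    "Aug 13 18:15:17 test2 dovecot: pop3-login: Login: user=<support>, "
    "method=PLAIN, rip=10.11.12.12, lip=10.11.12.13",
    "Aug 13 18:16:02 test2 dovecot: imap-login: Login: user=<sales>, "
    "method=PLAIN, rip=10.11.12.12, lip=10.11.12.14",
    "Aug 13 18:16:40 test2 dovecot: imap-login: Login: user=<ops>, "
    "method=PLAIN, rip=10.11.12.12, lip=10.11.12.99",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(annotate(entry))
```
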