In the course of experimenting with getting dovecot proxying to work, I took a guess at two things. These work fine for me, but now I'm wondering if they are "as designed" or just a lucky accident that might stop working in the future. (I'm using dovecot 1.0.rc17, which is the included version in Ubuntu Feisty. I am aware that some details change in v1.1, and I'm not worried about that right now.)

http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy

1. The wiki page says about password forwarding, "Make sure that the authentication succeeds with any given password. You can do this by using empty passwords." I didn't know exactly how to interpret that last part, so I tried returning NULL as the value of the "password" field for proxy cases. That seems to make dovecot skip the password check while forwarding the user-submitted password to the proxy target host. Is that the intent of that part of that wiki page?

2. It looks like any value at all for the "proxy" field in the passdb lookup turns proxying on. The one exception is a value of NULL for "proxy", in which case proxying is not turned on and proxy-related other fields are ignored. Is that how it's intended to work?

If someone can give an informed confirmation that this is as designed, I can add some clarifying remarks on those points on the wiki page.

Thanks.

--
bill-dovecot at carpenter.ORG (WJCarpenter)
PGP 0x91865119 38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3

On Sun, 2008-02-03 at 12:03 -0800, WJCarpenter wrote:
> http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
>
> 1. The wiki page says about password forwarding, "Make sure that the
> authentication succeeds with any given password. You can do this by
> using empty passwords." I didn't know exactly how to interpret that
> last part, so I tried returning NULL as the value of the "password"
> field for proxy cases. That seems to make dovecot skip the password
> check while forwarding the user-submitted password to the proxy target
> host. Is that the intent of that part of that wiki page?

I think '' would work as well as NULL, but NULL is better.

> 2. It looks like any value at all for the "proxy" field in the passdb
> lookup turns proxying on. The one exception is a value of NULL for
> "proxy", in which case proxying is not turned on and proxy-related
> other fields are ignored. Is that how it's intended to work?

Yes. It might change in some future release, but currently I'm not planning on changing it. 'Y' would anyway be a future-safe choice.

>> 2. It looks like any value at all for the "proxy" field in the passdb
>> lookup turns proxying on. The one exception is a value of NULL for
>> "proxy", in which case proxying is not turned on and proxy-related
>> other fields are ignored. Is that how it's intended to work?
>
> Yes. It might change in some future release, but currently I'm not
> planning on changing it. 'Y' would anyway be a future-safe choice.

Thanks for the information. I was actually asking about the other side of the coin ... is it safe to assume that "proxy=NULL" will disable the proxying, at least for the 1.0 series? (I saw the "proxy_maybe" for 1.1, which is also OK for me when I get to that release.)