Hello, I'm setting up (at least I try) to set up network services with single sign on. I could build and configure dovecat to use samba's ntlm_auth helper to achieve ntlm authentication of imap users. The point is, I wanted to restrict which users could actually authenticate through ntlm. The ntlm_auth helper has this ability with the --require-membership-of=... command line parameter. I first tried (unsuccessfully) to add this parameter to the auth_winbind_helper_path token in dovecot.conf, and figured out by checking the source that this was not possible. I then decided to patch the source so that one can pass any argument to the ntlm_auth helper by specifying at new line in dovecot.conf with the token "auth_winbind_helper_args" (for instance, what I wanted to do is "auth_winbind_helper_args = --require-membership-of=... ") Well, here comes the patch. It is to be used with recent 1.1.2 release. Best regards Fran?ois -------------- next part -------------- A non-text attachment was scrubbed... Name: ntlm_auth_args.patch Type: application/octet-stream Size: 5831 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20080725/e40d7a5d/attachment-0002.obj>
On Jul 25, 2008, at 7:22 AM, Fran?ois LEGAL wrote:> I first tried (unsuccessfully) to add this parameter to the > auth_winbind_helper_path token in dovecot.conf, and figured out by > checking the source that this was not possible. > I then decided to patch the source so that one can pass any argument > to the ntlm_auth helper by specifying at new line in dovecot.conf > with the token "auth_winbind_helper_args" (for instance, what I > wanted to do is "auth_winbind_helper_args = --require-membership- > of=... ")There are already too many settings, so do you think it would work ok if auth_winbind_helper_path was instead modified to support arguments? (could you send a patch for that too? :) -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080804/2e64262f/attachment-0002.bin>
devel at thom.fr.eu.org
2008-Aug-10 13:35 UTC
[Dovecot] optionnal arguments to ntlm_auth helper
> On Jul 25, 2008, at 7:22 AM, Fran?ois LEGAL wrote: > >> I first tried (unsuccessfully) to add this parameter to the >> auth_winbind_helper_path token in dovecot.conf, and figured out by >> checking the source that this was not possible. >> I then decided to patch the source so that one can pass any argument >> to the ntlm_auth helper by specifying at new line in dovecot.conf >> with the token "auth_winbind_helper_args" (for instance, what I >> wanted to do is "auth_winbind_helper_args = --require-membership- >> of=... ") > > There are already too many settings, so do you think it would work ok > if auth_winbind_helper_path was instead modified to support arguments?I guess it would> (could you send a patch for that too? :)Let me work on that, I'll come back to the list with the patch.> >Fran?ois --