Can I have a master users list for each virtual domain? I'm not sure
from what I read on the page:

http://wiki.dovecot.org/Authentication/MasterUsers

auth default {
  mechanisms = plain login CRAM-MD5
  passdb passwd-file {
    args = /var/mail/vhosts/%d/passwd.masterusers
    master = yes
    pass = yes
  }
  passdb passwd-file {
    args = username_format=%n /var/mail/vhosts/%d/passwd
  }
  userdb passwd-file {
    args = username_format=%n /var/mail/vhosts/%d/passwd
  }
  ...
}

TIA,
Rod

On Oct 15, 2008, at 11:19 PM, Roderick A. Anderson wrote:

> Can I have a master users list for each virtual domain? I'm not
> sure from what I read on the page:

Not really. There are two possibilities that I can think of:

a) Use passdb checkpassword and verify that the master user
($MASTER_USER environment) is valid for the current username.

b) Let the user log in and change mail_executable to be a script that
does the same check as a). This is potentially dangerous, since it works
only for imap/pop3 process, not necessarily for others that may come in
future or e.g. SMTP AUTH..

> passdb passwd-file {
>   args = /var/mail/vhosts/%d/passwd.masterusers
>   master = yes
>   pass = yes
> }

This allows you to list master at domain users in separate files, but each
user can still authenticate as anyone from any domain.
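
Added example (not part of the original thread, and not Dovecot's own code): a checkpassword-style script for option a) above that accepts a master login only when the master is listed for the target user's own domain. It assumes, as the reply describes, that $MASTER_USER holds the master account and the username on fd 3 is the account being logged in to; the DOMAIN_MASTERS table, its PBKDF2 storage format and the sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
import sys

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data standing in for each domain's passwd.masterusers
# file. The (salt, PBKDF2 hash) storage format is this example's own.
DOMAIN_MASTERS = {
    "example.com": {"admin@example.com": (b"s1", _kdf("constructed-pw-1", b"s1"))},
    "example.org": {"admin@example.org": (b"s2", _kdf("constructed-pw-2", b"s2"))},
}

def parse_request(data: bytes):
    """Split checkpassword input (username NUL password NUL ...) from fd 3."""
    fields = data.split(b"\0")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed checkpassword input")
    return fields[0].decode(), fields[1].decode()

def master_login_allowed(master, target, password, masters=DOMAIN_MASTERS):
    """Allow only a master listed for the target's own domain, with its password."""
    _, sep, domain = target.rpartition("@")
    entry = masters.get(domain.lower(), {}).get(master) if sep else None
    if entry is None:
        return False  # unknown master, or a master from another domain
    salt, expected = entry
    return hmac.compare_digest(_kdf(password, salt), expected)

def main(argv):
    # Assumption taken from the reply: MASTER_USER is the master account and
    # the username on fd 3 is the account being logged in to.
    master = os.environ.get("MASTER_USER")
    try:
        with os.fdopen(3, "rb") as fd:
            target, password = parse_request(fd.read(512))
    except (OSError, ValueError):
        return 111  # temporary failure
    if len(argv) < 2:
        return 111  # no reply binary given
    if not master or not master_login_allowed(master, target, password):
        return 1  # authentication failure
    os.execv(argv[1], argv[1:])  # success: hand over to the reply binary

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Exit codes follow the checkpassword convention (1 for a rejected login, 111 for a temporary error); check which side of the login $MASTER_USER carries on your Dovecot version before relying on the mapping.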

Timo Sirainen wrote:

> On Oct 15, 2008, at 11:19 PM, Roderick A. Anderson wrote:
>
>> Can I have a master users list for each virtual domain? I'm not sure
>> from what I read on the page:
>
> Not really. There are two possibilities that I can think of:
>
> a) Use passdb checkpassword and verify that the master user
> ($MASTER_USER environment) is valid for the current username.

I'll look into this.

> b) Let the user log in and change mail_executable to be a script that
> does the same check as a). This is potentially dangerous, since it works
> only for imap/pop3 process, not necessarily for others that may come in
> future or e.g. SMTP AUTH..
>
>> passdb passwd-file {
>>   args = /var/mail/vhosts/%d/passwd.masterusers
>>   master = yes
>>   pass = yes
>> }
>
> This allows you to list master at domain users in separate files, but each
> user can still authenticate as anyone from any domain.

Does the IMAP specification call for Master Users (I don't remember
seeing it?) Or is this an implementation-specific (Dovecot, et al.)
_feature_?

How difficult would it be to make per-domain master user(s) a part of
Dovecot?

Rod