Dale Gallagher
2008-Oct-22 10:00 UTC
[Dovecot] logging IMAP username rather than UNIX username
Hi there
I'd like to change my setup to log the _actual_ IMAP user's login,
rather than the UNIX username. My system uses a virtual uid setup with
qmail, where the mailboxes are owned by the 'vmail' user and
authentication is via checkpassword using user%domain (ie email, just
with % instead of @). So dovecot is recording _all_ logins as:
imap-login: Login: user=<vmail>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
I have the following log format specified:
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
I have also tried:
login_log_format_elements = user=<%n@%d> method=%m rip=%r lip=%l %c
However, this results in a log file entry of:
imap-login: Login: user=<vmail@>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
How do I configure dovecot to log the _actual_ username which the
client supplies during authentication?
Thanks
Dale
Dale Gallagher
2008-Oct-22 10:09 UTC
[Dovecot] logging IMAP username rather than UNIX username
My auth section config is:
auth default {
mechanisms = plain
passdb checkpassword {
args = /var/qmail/bin/qmail-vauth
}
userdb prefetch {
}
user = auth
}
2008/10/22 Dale Gallagher <dale.gallagher at
gmail.com>:> Hi there
>
> I'd like to change my setup to log the _actual_ IMAP user's login,
> rather than the UNIX username. My system uses a virtual uid setup with
> qmail, where the mailboxes are owned by the 'vmail' user and
> authentication is via checkpassword using user%domain (ie email, just
> with % instead of @). So dovecot is recording _all_ logins as:
>
> imap-login: Login: user=<vmail>, method=PLAIN, rip=127.0.0.1,
> lip=127.0.0.1, secured
>
> I have the following log format specified:
>
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
>
> I have also tried:
>
> login_log_format_elements = user=<%n@%d> method=%m rip=%r lip=%l
%c
>
> However, this results in a log file entry of:
>
> imap-login: Login: user=<vmail@>, method=PLAIN, rip=127.0.0.1,
> lip=127.0.0.1, secured
>
> How do I configure dovecot to log the _actual_ username which the
> client supplies during authentication?
>
> Thanks
> Dale
>
Timo Sirainen
2008-Oct-22 17:40 UTC
[Dovecot] logging IMAP username rather than UNIX username
On Wed, 2008-10-22 at 12:00 +0200, Dale Gallagher wrote:> Hi there > > I'd like to change my setup to log the _actual_ IMAP user's login, > rather than the UNIX username. My system uses a virtual uid setup with > qmail, where the mailboxes are owned by the 'vmail' user and > authentication is via checkpassword using user%domain (ie email, just > with % instead of @). So dovecot is recording _all_ logins as: > > imap-login: Login: user=<vmail>, method=PLAIN, rip=127.0.0.1, > lip=127.0.0.1, securedThat means your authentication changes the username.> passdb checkpassword { > args = /var/qmail/bin/qmail-vauth > }Most likely qmail-vauth changes USER environment to vmail. If you can't edit qmail-vauth directly, create a wrapper script that unsets the USER environment before calling Dovecot's checkpassword-reply. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20081022/a3ffeda2/attachment-0002.bin>
Dale Gallagher
2008-Oct-23 13:28 UTC
[Dovecot] logging IMAP username rather than UNIX username
Hi Timo 2008/10/22 Timo Sirainen <tss at iki.fi>:> That means your authentication changes the username. > >> passdb checkpassword { >> args = /var/qmail/bin/qmail-vauth >> } > > Most likely qmail-vauth changes USER environment to vmail. If you can't > edit qmail-vauth directly, create a wrapper script that unsets the USER > environment before calling Dovecot's checkpassword-reply.Yes, you're spot on! USER is changed. Thanks for the heads-up, I'll see if writing a wrapper works, without messing with the fact that the process has to run as the vmail user..... Thanks Dale