Patch #9 adds support for Open Directory and an encrypted SSL keystore.

Notes about this patch:

- It adds --enable-apple and --with-od options to configure (after running autoconf).
- It depends on patch #7 (hash_table_create/destroy).
- Automake wipes out this patch's changes to Makefile.in. The -framework options should come from Makefile.am but the author didn't do that.
- It uses a tab-stops-every-4 indentation style.
- It may compile and run only on Mac OS X 10.6, currently available via Apple Developer Connection.
- This code is stable but Apple is still verifying its robustness.
- This is the patch that needs the user name as extra_fields[0] in deliver, to handle user name aliases.

More patches to come, probably after the holidays.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch9.txt
URL: <http://dovecot.org/pipermail/dovecot/attachments/20081222/c84522a0/attachment-0002.txt>

- Logging doesn't use the auth_request_log_*() calls like the rest of Dovecot-auth. Now things like service name (imap, pop3, ..) or remote IP address aren't logged.
- The debug logging probably could be enabled with auth_debug=yes instead of a separate debug option. Although it seems like it's more meant for developers with the __LINE__ and __FUNCTION__ strings and things like refcounts which aren't useful for admins.
- The debug logging seems to be written mostly for developers. Are they still even useful at that level (e.g. refcounts More admin-oriented debug logging (with auth_debug=yes) would also have been helpful.
- The hardcoded maildir: and quota_rule stuff won't get in like that. :) They'll have to be configurable somehow. Actually couldn't the whole configuration have been just like with ldap db? (Or actually the ldap config is a bit annoying, I was planning on making the user/pass_attrs be configured a bit differently.)
- Passing in_od_info->mem_pool all around just seems to make the code more confusing, since I doubt it's ever going to be anything else than system_pool?
- CRAM-MD5 and APOP request/response handler stealing is pretty evil, especially with the duplicated structs. I'm sure there's a better way, although probably requires larger changes.
- There are a lot of imap/pop3 references. How would e.g. managesieve work?
- I'd change several if + i_error() checks to just i_assert()s.

Sorry for sneaking in this thread, but it might be a reason for a patch on the Apple side.

Up until 10.3.9 Server, and 10.4 Client, I used to be able to create users with a short name containing a dot. The latest OS doesn't allow that easily (there seem to be some not so clean workarounds), but the closest thing I can do is to create the primary short name with another character in place of the dot (for instance an underscore) and add an extra short name with the dot as I want it.

Now, if I use PAM for authentication dovecot will not permit using the alternative dotted short name as it will seem to fail authentication. I do not remember exactly what the issue is, but I can do a test if you like. Other servers seem not to have an issue, just dovecot. Perhaps it is just an issue when interacting with PAM.

Giuliano