Steven Murdoch
2013-Aug-26 22:08 UTC
[Dovecot] Logging pre-rewrite user ID for application-specific passwords
I have set up Dovecot v2.2.5 with application-specific passwords, along the
lines of this blog post
(http://www.dgsiegel.net/news/2013_05_21-application_specific_passwords_for_dovecot).
My users file looks like:
user-foo:{BLF-CRYPT}$2...:42:42::/home/user::allow_nets=127.0.0.1/32 user=user
user-bar:{BLF-CRYPT}$2...:42:42::/home/user::user=user
user:{BLF-CRYPT}$2...:42:42::/home/user::nologin
In this way, user-foo can log in with one password (but only from localhost),
user-bar can log in from any host with a different password, but both actually
being treated as the same user.
When these users log in through, the log entries look like:
Aug 26 23:03:01 hostname dovecot: imap-login: Login: user=<user>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=12345, TLS
Whereas I would like to see the original user name (prior to the re-write), i.e.
user-foo and user-bar so I can keep track of which user names are in use and
from where.
Is there some way to do this? I couldn't see any of the variables being
suitable.
There is some information in the debug logs, but I would prefer not to need to
leave this on when I don't need them.
Thanks in advance.
Steven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20130826/0e2c8071/attachment-0001.bin>
Timo Sirainen
2013-Sep-21 22:42 UTC
[Dovecot] Logging pre-rewrite user ID for application-specific passwords
On 27.8.2013, at 1.08, Steven Murdoch <steven.murdoch at cl.cam.ac.uk> wrote:> I have set up Dovecot v2.2.5 with application-specific passwords, along the lines of this blog post (http://www.dgsiegel.net/news/2013_05_21-application_specific_passwords_for_dovecot). > > My users file looks like: > user-foo:{BLF-CRYPT}$2...:42:42::/home/user::allow_nets=127.0.0.1/32 user=user > user-bar:{BLF-CRYPT}$2...:42:42::/home/user::user=user > user:{BLF-CRYPT}$2...:42:42::/home/user::nologin > > In this way, user-foo can log in with one password (but only from localhost), user-bar can log in from any host with a different password, but both actually being treated as the same user. > > When these users log in through, the log entries look like: > Aug 26 23:03:01 hostname dovecot: imap-login: Login: user=<user>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=12345, TLS > > Whereas I would like to see the original user name (prior to the re-write), i.e. user-foo and user-bar so I can keep track of which user names are in use and from where. > > Is there some way to do this? I couldn't see any of the variables being suitable.Added: http://hg.dovecot.org/dovecot-2.2/rev/a32eea97afc1 So you can use %{orig_user} in login_log_format_elements.