dovecot.pkoch at dfgh.net
2014-Mar-27 15:04 UTC
[Dovecot] %{orig_user} missing in checkpassword-Script
Hi everybody,

I'm using SSL client certificates or checkpassword scripts to authenticate our users. If a user sends a client certificate from his smartcard, my checkpassword script will ignore the password; if he does not send a client certificate but uses his OTP token, then my checkpassword script will check whether the password is a correct one-time password.

My problem is: the AUTH_USER variable will either contain the username that was configured in the mail client (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true). I would like to compare both values, i.e. the %{user} Dovecot variable and the %{orig_user} Dovecot variable. But the environment of a checkpassword script has only one of them. Any ideas?

I tried to change the source and found the routine where all the AUTH_xxx environment variables are created. But the %{orig_user} variable was empty at that point, so no AUTH_ORIG_USER variable is created. I'm afraid that whenever the %{user} variable is replaced by the UID from the client certificate (due to auth_ssl_username_from_cert=true), the original value of %{user} is NOT copied into %{orig_user}.

Can someone more familiar with the Dovecot source check this please, or give me a hint where to look further?

Kind regards
Peter Koch