On 15/04/2019 12:59, Larry Rosenman via dovecot wrote:
> forgot to reply all.
>
> ---------- Forwarded message ---------
> From: Larry Rosenman <larryrtx at gmail.com>
> Date: Mon, Apr 15, 2019 at 5:58 AM
> Subject: Re: SOLR/Index?
> To: John Fawcett <john at voipsupport.it>
>
>
> the local users (myself, my wife, a friend) can authenticate EITHER as
> <username> or <username>@lerctr.org.
>
> switching to all virtual users is NOT going to happen.
>
> If I login to roundcube with <user>@lerctr.org it
> finds the autoindexed mail.
>
> So, if I make everyone always authenticate as <user>@lerctr.org
> we should be fine.
>
> and change my script to do doveadm -u <user>@<domain> instead of
> depending on the local user running the cron job.
>
> question: Is there some way to have dovecot change what it sees to be
> <user>@lerctr.org when they login as <user>?
>

Dovecot is very configurable, but it can also take some time, effort and
testing to get the configuration you want. Personally I don't mix user
types since it takes out an element of complexity.

For your case you might find it useful to look into auth_default_realm
that can specify a domain name when one is not supplied.

https://wiki2.dovecot.org/DomainLost

Other things that might be useful: there is a method for returning a
"user" field from the userdb query or passdb query which will change the
username. Or there is another setting that can override values of fields
returned by the userdb.

https://wiki.dovecot.org/UserDatabase

Hope it helps!

John

Again, this doesn't help with doveadm running as the local user, and also
doesn't help with the PAM authentication.

passdb {
  driver = pam
  #[session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=20]
  #[cache_key=<key>] [<service name>]
  args = failure_show_msg=yes session=yes max_requests=20
  skip = authenticated
}

How can I default the domain for PAM authentication?
(I've set auth_default_realm and it doesn't help in this case).

# System users (NSS, /etc/passwd, or similar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  driver = passwd-file
  # [blocking=no]
  args = username_format=%Ln /etc/passwd
  #override_fields = user=%Ln /etc
  #name = %Ln
  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
  #skip = found
}

On Mon, Apr 15, 2019 at 6:31 AM John Fawcett via dovecot <dovecot at dovecot.org> wrote:
> On 15/04/2019 12:59, Larry Rosenman via dovecot wrote:
>
> forgot to reply all.
>
> ---------- Forwarded message ---------
> From: Larry Rosenman <larryrtx at gmail.com>
> Date: Mon, Apr 15, 2019 at 5:58 AM
> Subject: Re: SOLR/Index?
> To: John Fawcett <john at voipsupport.it>
>
>
> the local users (myself, my wife, a friend) can authenticate EITHER as
> <username> or <username>@lerctr.org.
>
> switching to all virtual users is NOT going to happen.
>
> If I login to roundcube with <user>@lerctr.org it finds the
> autoindexed mail.
>
> So, if I make everyone always authenticate as <user>@lerctr.org we should
> be fine.
>
> and change my script to do doveadm -u <user>@<domain> instead of depending
> on the local user running the cron job.
>
> question: Is there some way to have dovecot change what it sees to be
> <user>@lerctr.org when they login as <user>?
>
>
> Dovecot is very configurable, but it can also take some time, effort and
> testing to get the configuration you want. Personally I don't mix user
> types since it takes out an element of complexity.
>
> For your case you might find it useful to look into auth_default_realm
> that can specify a domain name when one is not supplied.
>
> https://wiki2.dovecot.org/DomainLost
>
> Other things that might be useful: there is a method for returning a
> "user" field from the userdb query or passdb query which will change the
> username. Or there is another setting that can override values of fields
> returned by the userdb.
>
> https://wiki.dovecot.org/UserDatabase
>
> Hope it helps!
>
> John
>

--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

On 15/04/2019 13:43, Larry Rosenman via dovecot wrote:
> Again, this doesn't help with doveadm running as the local user, and
> also doesn't help with the PAM authentication.
>
> passdb {
>   driver = pam
>   #[session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=20]
>   #[cache_key=<key>] [<service name>]
>   args = failure_show_msg=yes session=yes max_requests=20
>   skip = authenticated
> }
>
> How can I default the domain for PAM authentication?
> (I've set auth_default_realm and it doesn't help in this case).

Larry

I guess I don't understand enough about your setup or what is not now
working. My understanding was that everything is now working when
logging in as user at domain, but that you would like to login as user and
have dovecot treat that as though you had logged in as user at domain, but
at this point I admit I may have misinterpreted your emails.

What's also not clear for me is the purpose in your setup of the three
passdb methods (sql, static, and pam) and two userdb methods (sql and
passwd-file).

That's why I've pointed you to the docs and I'm hesitant to give
specific advice that may leave you worse off. Others on the list may
have more insights.

John