Frank Volf
2021-Jun-16 13:58 UTC
Mapping usernames used for authentication to UNIX usernames
Hi,

I'm looking for some advice or pointers how to best solve a small problem that I have. I have no doubt that this can be done in dovecot, but I'm struggling to find the easiest way to implement it.

First of all, what I have:
I have a relatively small dovecot setup for a dozen domains, and about 50 users in total. All users use IMAP to retrieve mail, and SMTP submission protocol to submit email.
Because of the small size, every user has its own UNIX account, authentication is done using PAM and mail is stored in a Maildir folder in their home directory.
Works perfectly!

There is one minor inconvenience. When a new mail client is configured, users (often guided by the auto config generator of the mail client) tend to use their email address as the username to authenticate instead of their UNIX account name, which fails of course.

Would it be possible to configure something that will map an email address to the UNIX account name and use the account name for authentication and obtaining the related information (uid, gid, home dir)?

I do have two concerns:

1) I do not want to break existing mail configurations, so authentication with the UNIX username should still be possible.
2) I cannot do a simple reg. exp for the translation because every email domain has e.g. an info at domain.com mailbox, and I do not want them all to go to UNIX user "info".

As said, I would appreciate any advice on how this can be configured the easiest.

Thanks in advance.

Kind regards,

Frank
Michael Peddemors
2021-Jun-16 15:45 UTC
Mapping usernames used for authentication to UNIX usernames
Probably thinking about this backwards, use the full email address by default, and if they only provide the user name, then concatenate the proper domain before authentication.

Full email address should be the preferred default moving forward.

On 2021-06-16 6:58 a.m., Frank Volf wrote:
>
> Hi,
>
> I'm looking for some advice or pointers how to best solve a small
> problem that I have. I have no doubt that this can be done in dovecot,
> but I'm struggling to find the easiest way to implement it.
>
> First of all, what I have:
> I have a relatively small dovecot setup for a dozen domains, and about 50
> users in total. All users use IMAP to retrieve mail, and SMTP submission
> protocol to submit email.
> Because of the small size, every user has its own UNIX account,
> authentication is done using PAM and mail is stored in a Maildir folder
> in their home directory.
> Works perfectly!
>
> There is one minor inconvenience. When a new mail client is configured,
> users (often guided by the auto config generator of the mail client)
> tend to use their email address as the username to authenticate instead
> of their UNIX account name, which fails of course.
>
> Would it be possible to configure something that will map an email
> address to the UNIX account name and use the account name for
> authentication and obtaining the related information (uid, gid, home dir)?
>
> I do have two concerns:
>
> 1) I do not want to break existing mail configurations, so
> authentication with the UNIX username should still be possible.
> 2) I cannot do a simple reg. exp for the translation because every
> email domain has e.g. an info at domain.com mailbox, and I do not want them
> all to go to UNIX user "info".
>
> As said, I would appreciate any advice on how this can be configured the
> easiest.
>
> Thanks in advance.
>
> Kind regards,
>
> Frank
>

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
John Stoffel
2021-Jun-16 21:53 UTC
Mapping usernames used for authentication to UNIX usernames
Frank> I'm looking for some advice or pointers how to best solve a
Frank> small problem that I have. I have no doubt that this can be
Frank> done in dovecot, but I'm struggling to find the easiest way to
Frank> implement it.

Frank> First of all, what I have:
Frank> I have a relatively small dovecot setup for a dozen domains, and about 50
Frank> users in total. All users use IMAP to retrieve mail, and SMTP submission
Frank> protocol to submit email.
Frank> Because of the small size, every user has its own UNIX account,
Frank> authentication is done using PAM and mail is stored in a
Frank> Maildir folder in their home directory. Works perfectly!

Do these users ever login and use their Unix account? Or do they only access the system via IMAP to read email? If this, then I would completely move away from local accounts and unix home dirs and just use virtual users instead. Then you login with your email address and password to get mail. Much simpler!

Frank> There is one minor inconvenience. When a new mail client is
Frank> configured, users (often guided by the auto config generator of
Frank> the mail client) tend to use their email address as the
Frank> username to authenticate instead of their UNIX account name,
Frank> which fails of course.

Frank> Would it be possible to configure something that will map an
Frank> email address to the UNIX account name and use the account name
Frank> for authentication and obtaining the related information (uid,
Frank> gid, home dir)?

Frank> I do have two concerns:

Frank> 1) I do not want to break existing mail configurations, so
Frank> authentication with the UNIX username should still be possible.

I think you can have multiple usernames pointing to the same backend account, so moving to virtual users would be even simpler.

Frank> 2) I cannot do a simple reg. exp for the translation because
Frank> every email domain has e.g. an info at domain.com mailbox, and I
Frank> do not want them all to go to UNIX user "info".

Even if you do offer Unix logins, I would still separate the user email logins from the Unix logins. Just having all email access happen via IMAP makes things simpler. And if they want to read email from their unix account, a text based IMAP tool like mutt should be good enough.

John
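
The two constraints in the original question (plain UNIX usernames keep working, and `info@` in different domains must not collapse onto one account) call for an exact-match table rather than a pattern. The following Python sketch is an added example, not part of the thread and not Dovecot configuration; the table format, domains and account names are constructed for illustration, and lowercasing the address is an assumption about how the site treats mail addresses.

```python
# Constructed sample table: "<address> <unix account>", '#' starts a comment.
SAMPLE_MAP = """\
# address              unix account
frank@example.org      frank
info@example.org       exinfo
info@example.net       netinfo
Sales@Example.net      sales
"""
# Constructed stand-in for the accounts that exist in the passwd database.
UNIX_ACCOUNTS = {"frank", "exinfo", "netinfo", "sales", "info"}


def load_map(text):
    """Parse the table into {lowercased address: account}; refuse ambiguous input."""
    table = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0].count("@") != 1:
            raise ValueError(f"line {n}: expected '<address> <account>'")
        addr = parts[0].lower()
        if addr in table:
            raise ValueError(f"line {n}: duplicate address {addr}")
        table[addr] = parts[1]
    return table


def resolve(login, table, accounts):
    """Return the UNIX account to authenticate as, or None to reject the login."""
    if "@" not in login:
        # Concern 1: an existing client that sends the bare account name still works.
        return login if login in accounts else None
    # Concern 2: exact address match only, never "strip the domain".
    account = table.get(login.lower())
    return account if account in accounts else None


def stripping_collisions(table):
    """Local parts that a strip-the-domain rule would merge onto a single account."""
    by_local = {}
    for addr, account in table.items():
        by_local.setdefault(addr.split("@")[0], set()).add(account)
    return {lp: accts for lp, accts in by_local.items() if len(accts) > 1}


if __name__ == "__main__":
    table = load_map(SAMPLE_MAP)
    for login in ("frank", "info@example.org", "info@example.net", "info@other.test"):
        print(login, "->", resolve(login, table, UNIX_ACCOUNTS))
    print("would collide if the domain were stripped:", stripping_collisions(table))
```

An address that is not in the table is rejected rather than falling back to its local part, so an unknown `info@` address can never authenticate as the UNIX user "info".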