search for: master_user

...:userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ############################### and use this group in a global ACL file. I discovered this only works on first NOT-cached login environment in imap-postlogin script on first login: AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c MASTER_USER=master at uma SPUSER=private/pdf LOCAL_IP=127.0.0.1 USER=pdf AUTH_USER=master at uma PWD=/var/run/dovecot USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER SHLVL=1 HOME=/var/data/vmail/private/pdf ACL_GROUPS=umareadmaster IP=127.0.0.1 _=/usr/bin/env on the second cached login it...

...l passdb and userdb lookup). All works fine for non-masteruser authentication (in this case dovecot makes a single call to checkpassword binary). But if a master-user authenticates, dovecot execute checkpassword-master binary, and then executes checkpassword binary. Checkpassword binary receive the MASTER_USER env and do all the checks correctly, when checkpassword finish, dovecot logs this message "auth(default): checkpassword: sighandler called for unknown child" and authentication fails... I'm trying checkpassword-reply and fd4 too, on 1.2.11 and 2.0b4, no success. Below is my config:...

...>> >> and use this group in a global ACL file. >> I discovered this only works on first NOT-cached login >> >> >> >> environment in imap-postlogin script on first login: >> >> >> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c >> MASTER_USER=master at uma >> SPUSER=private/pdf >> LOCAL_IP=127.0.0.1 >> USER=pdf >> AUTH_USER=master at uma >> PWD=/var/run/dovecot >> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER >> SHLVL=1 >> HOME=/var/data/vmail/private/pdf >> ACL...

How would I go, If I wanted ACL processing to start with %{auth_user} instead of %{user} when determining rights? -- peter

...snap ############################### > > and use this group in a global ACL file. > I discovered this only works on first NOT-cached login > > > > environment in imap-postlogin script on first login: > > > AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c > MASTER_USER=master at uma > SPUSER=private/pdf > LOCAL_IP=127.0.0.1 > USER=pdf > AUTH_USER=master at uma > PWD=/var/run/dovecot > USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER > SHLVL=1 > HOME=/var/data/vmail/private/pdf > ACL_GROUPS=umareadmaster > IP=127.0....

Hi, Quick question...I read in the docs that: "Master user is still subject to ACLs just like any other user, which means that by default the master user has no access to any mailboxes of the user." ... and that the standard workaround is to return master_user=%u from the userdb. But why is the master_user authn-id used in the ACLs and not the authz-id (requested-login-user) ? Isn't the whole point of SASL authz-id semantics to have authorization resolved based on the authz-id? /Peter

I have successfully set up the master user on the destination server (2.0.11) and tests have worked. now I'm working on the proxy Before I had the proxy just forward everything to the backend and had the destination server do the authentication. My authentication is done via LDAP but not really sure how to append the master user and password to the users credentials after authentication is

...in a global ACL file. >>> I discovered this only works on first NOT-cached login >>> >>> >>> >>> environment in imap-postlogin script on first login: >>> >>> >>> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c >>> MASTER_USER=master at uma >>> SPUSER=private/pdf >>> LOCAL_IP=127.0.0.1 >>> USER=pdf >>> AUTH_USER=master at uma >>> PWD=/var/run/dovecot >>> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER >>> SHLVL=1 >>> HOME=/var/dat...

Dear, We are integrating Samba with Active Directory in the company. The goal is to provide a samba share to users of AD. In this case, we need all users to write on the share, but nobody modify or delete any files. Even the user who owns it. With this, we would create only one AD user, if necessary with root powers, which could erase everything. For this, we test several lines, such as

...t_auth = no login_process_per_connection=yes auth_default_realm = example.com login_processes_count = 8 login_max_processes_count = 128 login_max_connections = 256 verbose_proctitle = yes max_mail_processes = 512 mail_debug = yes auth_verbose = yes auth_debug = yes auth_debug_passwords = yes auth_master_user_separator = * login_chroot = yes ssl = no protocol imap { imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep listen = xx.xx.xx.xx:143 imap_max_line_length = 65536 imap_logout_format = bytes=%i/%o mail_max_userip_connections = 10 } protocol pop3 { pop3_uid...

login me at mymail.net*theboss thebossespwd this is a great piece of software, but it has some frustrating issues. i have included my two configurations below, just FYI. the one (older) system is 1.0rc7 on mandriva 2007.0 and postfix 2.3.3 and amavisd and spamassassin and using a maildir configuration the newer system is 1.0.5 (soon to be 7) on mandriva 2008.0 and postfix 2.4.5 amavisd and

...don't fully understand why FTS needs to do any user lookup during indexing but, anyway, how can i workaround it? This is relevant config: passdb { driver = static args = password=[censored] allow_nets=[censored] } userdb { driver = static args = home=/var/mail/vhosts/%d/%n/home master_user=%u } plugin { fts = solr fts_solr = url=http://[censored]:8080/solr/ fts_autoindex = yes fts_autoindex_max_recent_msgs = 1000 } FTS is fully configured and working on proxy side (which is, currently, also a backend for most of the users - i will split it in stages, just wanted t...

...p the replication user: GRANT REPLICATION SLAVE ON *.* TO 'jf_slave'@'ops.somewhere.com' IDENTIFIED BY 'secret' REQUIRE SSL; Then back on the slave I used this command to connect the slave to the master: mysql> CHANGE MASTER TO MASTER_HOST='web2.somewhere.com', MASTER_USER='jf_slave', MASTER_PASSWORD='secret', MASTER_LOG_FILE='mysql-bin.000002', MASTER_LOG_POS=34697, MASTER_SSL=1, MASTER_SSL_CA = '/etc/pki/CA/certs/ca.crt', MASTER_SSL_CERT = '/etc/pki/tls/certs/mysql.crt', MASTER_SSL_KEY = '/etc/pki/tls/private/mysql.key...

Originally I was planning on allowing all kinds of mail settings inside namespace {}, including imapc_* settings. But that's a bit difficult to implement (although I think it will happen some day). So for now I was thinking: imapc foo { host = imap.foo.com master_user = foomaster password = foopass } imapc bar { host = imap.bar.com ... } namespace { prefix = foo/ location = imapc:foo } namespace { prefix = bar/ location = imapc:bar } So basically if the path after imapc isn't absolute (/path or ~/path), then treat the path as the imapc secti...

...roxy infrastructure. Today, I really struggle configuring master passwords forwarding. What I want: master user can connect to any other account, on proxy. Could please somebody help me, I read both articles about this on wiki, but still can't connect :( What I did: on proxy: auth_master_user_separator=* passdb sql { args = /usr/local/dovecot/etc/dovecot-master.conf master = yes pass = yes } -- dovecot-master.conf: (...) default_pass_scheme = CRYPT password_query = SELECT password FROM master_users WHERE username= '%u' AND status = 'ok' -- on destination se...

...\ groups as userdb_acl_groups, \ quota_rule as userdb_quota_rule \ FROM pd_users_full WHERE \ username = '%n' AND \ domain = '%d' AND \ external_auth IS FALSE AND \ master_user IS FALSE AND \ %Ls_ok IS TRUE user_query = SELECT fullusername as user, \ uid, \ gid, \ home, \ mail, \ groups as acl_groups, \ quota_rule \ FROM pd_users_full WHERE \ username...

...ecot/dovecot.conf | # 2.3.0.1 (ffd8a29): /opt/dovecot2.3/etc/dovecot/dovecot.conf # OS: FreeBSD 9.3-STABLE i386 ufs # OS: FreeBSD 9.3-STABLE i386 ufs # Hostname: localhost < auth_cache_size = 20 M auth_cache_size = 20 M auth_master_user_separator = * auth_master_user_separator = * auth_mechanisms = plain login digest-md5 auth_mechanisms = plain login digest-md5 auth_socket_path = /var/run/dovecot/auth-userdb auth_socket_path = /var/run/dovecot/auth-userdb base_dir = /var/run/dovecot/ base_dir =...

...table(imap): /root/dovecot-master-postlogin mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 lda: postmaster_address: postmaster at example.com auth default: master_user_separator: * debug: yes passdb: driver: passwd-file args: /etc/dovecot.passwd.masterusers pass: yes master: yes passdb: driver: pam userdb: driver: passwd # cat /root/dovecot-master-postlogin #!/bin/bash MASTER_USER=$USER export MASTER_USER exec /usr/libexec/doveco...

...TION SLAVE ON *.* TO 'jf_slave'@'ops.somewhere.com' > IDENTIFIED > BY 'secret' REQUIRE SSL; > > Then back on the slave I used this command to connect the slave to the > master: > > mysql> CHANGE MASTER TO MASTER_HOST='web2.somewhere.com', > MASTER_USER='jf_slave', MASTER_PASSWORD='secret', > MASTER_LOG_FILE='mysql-bin.000002', MASTER_LOG_POS=34697, MASTER_SSL=1, > MASTER_SSL_CA = '/etc/pki/CA/certs/ca.crt', MASTER_SSL_CERT = > '/etc/pki/tls/certs/mysql.crt', MASTER_SSL_KEY = > '/etc/pki/tls/...

...doveadm_mail_crypt_plugin.so: mail_crypt_box_get_public_key: symbol not found (this is usually intentional, so just ignore this message) doveadm(<username>): Debug: auth PASS input: doveadm(<username> 32679): Debug: auth USER input: <username> userdb_quota_rule=*:bytes=15728640000 master_user=<username> userdb_acl_groups=koakram@<domain>,wahlkampfnetzwerk@<domain>,wahlkalender 2017@<domain>,lgs@<domain> home=/var/dovecot/imap/<domain>/<user> doveadm(<username> 32679): Debug: Added userdb setting: plugin/master_user=<username> doveadm...