similar to: External auth database process

Hi all, I think I may be doing something wrong but, is it possible to proxy POP and IMAP users when using a checkpassword script as the passdb? I'm trying to write a perl script to handle authentication to a mix of SQL and POP3 sources whilst logging user passwords at the same time for a migration. At the moment, I'm trying to set environment variables to tell dovecot what to do:

Is it possible to run a bash script for authentication where a 0 exit code indicates success and a non-zero is failure? What I'm trying to do is create a shadow IMAP server that authenticates against a different server. That way my server will use the same passwords as an existing server. So what I would need is for dovecot to pass the username and password to my script, I attempt to log

I had been using the CheckPassword authentication interface with dovecot 2.2.15, https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working. After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says, Checkpassword Interface Read <username> NUL <password> NUL from fd 3. I've checked the information read from fd 3 with 2.2.33.2

I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does

On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > On 01.02.2018 08:00, Mark Foley wrote: > > I had been using the CheckPassword authentication interface with dovecot 2.2.15, > > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working. > > > > After upgrading to 2.2.33.2 CheckPassword no longer works. The

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords

http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords

I'm interested in using authentication via a UNIX socket as documented at http://wiki2.dovecot.org/AuthDatabase/Dict. (We are currently using a checkpassword script to enable us to authenticate against a django app that stores passwords in pbkdf2 format, but I'm concerned about scalability as we grow - specifically the comment about performance on

Hello, I'm trying to configure shared mailboxes with ACL. My problem is FS layout. Our maildirs is completely outside of home dirs (home dirs is on pure SSD zpool, maildirs on separate HDD zpool). We are using checkpassword auth, which sets mailbox_location for each user. Layout is following: maildirs: /dpool/mail/maldirs/user-uuid/ home is: /dpool/mail/home/user-uuid/ index &

Dear Timo thank you for the help your giving me these. I want to set expire plugin only for some domains in the same way I set autocreate plugin. vchkpw-wrapper.sh #!/bin/bash DOMAIN=`echo $VPOPUSER|sed s/^.*@//` echo $USER > /tmp/autocreate echo $DOMAIN >> /tmp/autocreate if [ "$DOMAIN" = "operaciones.qnet.com.pe" ]; then export USERDB_AUTOCREATE=INBOX.Spam

Hello, I've run into the issue detailed at https://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security Understandably I don't have the skills to modify checkpassword so if I do the suggested will it work? If you can't change the script, you can make Dovecot's checkpassword-reply binary setuid or setgid (e.g. chgrp dovecot /usr/libexec/dovecot/checkpassword-reply; chmod g+s

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

I have an interesting case here ? Virtual mailboxes, domain/username/aliases stored in MySQL, authentication done using PAM. PAM authenticates through Kerberos, which are internal realms and not the email domains ? for example, my username would be laz at PARAVIS.LOCAL <mailto:laz at PARAVIS.LOCAL> and my email address would be laz at paravis.net <mailto:laz at paravis.net>. All of

The -l flag is causing a metadata lookup for every file in the directory. The way the ls command does that it's with individual fstat calls to each directory entry. That's a lot of tiny network round trips with fops that don't even fill a standard frame thus each frame has a high percentage of overhead for tcp. Add to that the replica check to ensure you're not getting stale data

Hi, I have a situation where an apache web server is trying to locate the IndexDocument for a directory on a gluster volume. This URL is being hit roughly 20 times per second. There is only 1 file in this directory. However, the parent directory does have a large number of items (+123,000 files and dirs) and we are performing operations to move these files into 2 levels of

On 24.01.2017 00:06, rej ex wrote: > Because we are building some monitoring application, we will need to > record all failed and successful login attempts. We need to record > remote IP, entered password in plain text, and if possible whether auth > request is for SMTP or IMAP session. SMTP? Wouldn't that be handled by your MTA, not Dovecot? AKi Tuomi wrote: > Since

Thank you for the response Axel. I will look into that. I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP authentication, but now performance is unbelievably slow. For example, with PAM/Kerberos, a user can log into webmail and have all of their emails/folders showing almost immediately. When using Dovecot LDAP, it takes literally 8-10 seconds to see the same thing. I

Also note, Sam's example is comparing apples and orchards. Feeding one person from an orchard is not as efficient as feeding one person an apple, but if you're feeding 10000 people... Also in question with the NFS example, how long until that chown was flushed? How long until another client could see those changes? That is ignoring the biggie, what happens when the NFS server goes down?

Hi all, I'm currently using a PostgreSQL database for my user/password db, directly from dovecot. The trouble with that is that I'm stuck with whatever hash algorithms dovecot supports - which IIRC means (a subset of?) what libc has been compiled with, which can be a bit restrictive. So I'd like to use an external tool, which would also let me integrate other applications (eg web