Displaying 20 results from an estimated 2000 matches similar to: "auth_default_realm, pam_krb5, gssapi"
2011 Oct 04
2
GSSAPI and deny=yes passdb
Hi. Is it possible to use GSSAPI authentication and deny passdb
together? Seems it doesn't work as I expect: GSSAPI doesn't check deny
passdb, so I'm not able to restrict access to GSSAPI-users.
I can see these in logs when user tries to connect with PLAIN
authentication (via pam_krb5):
Oct 4 11:14:31 vm03 auth: Debug: passwd-file(testuser,172.17.0.123):
lookup: user=testuser
2013 Feb 19
1
Using different auth_default_realm on multiple sockets with postfix. Is it possible?
Hi,
I have more postfix smtpd instances (via master.cf) listening on different
ports, and the FW passes the inbound mail submit connections to the right
port. The problem: it seems postfix is not able to append "default realm"
and I need to set different values for the instances. As far as I see, it's
not possible as postfix only passes the base64 encoded string from the user
to the
2007 Sep 05
2
auth_default_realm for different listeners
We provide POP3 service for several realms, each of which has a substantial
number of users logging in with no realm (bare username). We would like to
use Dovecot, but I haven't been able to findout how to vary
auth_default_realm for each listener.
My most recent attempt was to set up one auth {} block for each realm with a
different auth_default_realm and socket master path. I then set up
2011 Dec 29
1
Trouble with proxy_maybe and auth_default_realm
Hello,
I'm using proxy_maybe and auth_default_realm. It seems that when a user
logs in without the domain name, relying on auth_default_realm, and the
"host" field points to the local server, I get the Proxying loops to
itself error. It does work as expected - log on to the local server
without proxying, if the user does include the domain name in the login.
(IP's and
2015 Sep 27
1
dovecot, fts, solr5 patch, fuzzy search
Hi!
I have a patch and several thoughts about FTS in dovecot.
I. SOLR v5.1 and above doesn't allow GET /select queries with
Content-Type header set, so, I just removed it from the code:
--- dovecot-2.2.18/src/plugins/fts-solr/solr-connection.c 2015-05-13
17:14:45.000000000 +0300
+++
dovecot-2.2.18.patch/src/plugins/fts-solr/solr-connection.c 2015-09-27
19:47:40.363843359 +0300
@@ -432,7
2014 Jun 10
0
Dovecot Configuration for access with GSSAPI / Kerberos
Hi Dovecot-Mailinglist!
I try to install a new Dovecot-Server with Kerberos-Authentification
(Kerberos-Server is already authenticating user-account ).
The following error-notice occurs when I use mail-programm Gnome
Evolution to access IMAP-Account:
"Ordner konnte nicht ge?ffnet werden (Folder can not be opened)
The reported error was "GSSAPI-Legitimation ist fehlgeschlagen".
2011 May 20
1
Global fields for passwd-file database
Is there a way to specify global fields for passwd-file DB? Currently
interested in "home" for userdb and "allow_nets" for passworddb.
The next doesn't work, of course:
passdb passwd-file {
args = username_format=%n allow_nets=127.0.0.1
/etc/dovecot/dovecot.passwd.%d
}
userdb passwd-file {
args = username_format=%n home=/var/mail/%d/%n
2019 Mar 09
0
GSSAPI and usernames, not Kerberos ticket names
Hi all,
I've got a Dovecot v2.3.3 IMAP with GSSAPI auth set up.
This server is in main domain, 'contoso.com'. I also have several
subdomains.
My problem is usernames with GSSAPI authentication:
When I try to login as 'user' or as 'user at CONTOSO.COM' - everything
works. But, 'user at contoso.com' auth fails.
But when I try to login as subdomain user,
2019 Aug 01
2
IMAP frontend authenticating proxy with GSSAPI/Kerberos SSO
Hi,
My IMAP backend server is lacking SSO authentication, so I am
trying to set up Dovecot in front of it as an authenticating proxy.
Fortunately, my backend server provides a way to ignore the
password provided and will simply trust the username given to
be authenticated, using plain login authentication. I'm struggling
with setting this up, as it seems to me that as soon as I enable
2011 Jun 28
3
Exim and Dovecot2 SASL: 435 Unable to authenticate at present
Hi. I had working Exim 4.71 and Dovecot 1.2.9 SASL configuration on
Ubuntu Lucid, but needed some features from dovecot2, so I installed
2.0.13 from
https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 . Now I
get Subj error while trying to authenticate via dovecot auth-client
socket. However IMAP auth works fine with 2.0.13 and smtp auth worked
fine until upgrade, so I think
2012 Apr 10
1
Per IP virtual domain
Hello,
My dovecot server (2.0.18 on FreeBSD 9) has multiple interface. I would
like to configure the authentication (pop and imap) to append different
domain according to the local IP address.
I've tested this:
local 10.0.0.1 {
auth_default_realm = domain1.com
}
local 10.0.0.2 {
auth_default_realm = domain2.com
}
But it doesn't work. I get this error message:
doveconf: Fatal:
2020 Oct 29
2
dovecot quota-warning detection mail
Gedalya-san
I have a question.
Currently, there are thousands of users. (In multi-domain)
The setting of "auth_default_realm = example.co.jp" is
Is it possible to set without affecting the current user?
Thank you.
-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of ?????
Sent: Wednesday, October 28, 2020 4:16 PM
To: 'Gedalya'
2017 Oct 03
1
Postfix + saslauthd SASL With Kerberos (FreeIPA) unable to send mail
The dovecot instance set up with auth_realms and auth_default_realm
variables and it is working well. In saslauthd configurations setting
same variables giving configuration parsing error (I think it is not
right way to configure kerberos realm in saslauthd). However
testsaslauthd working without any problems even if I don't specify realm
parameter from command line.
On 03/10/17 06:17,
2012 Mar 13
2
problems with SSH-based clustering dovecot 2.1.1
Hello,
I'm using dovecot 2.1.1 with vpopmail 5.4.30 with multiples domains and I
have problems setting up synchronization in between multiple computers.
All act like master (my clients can connect to any of the them and read
their emails either via POP3 either via IMAP, inbound email gets on any of
the machines). Each machine is on a different continent, there is no
shared drive in between
2020 Oct 29
0
dovecot quota-warning detection mail
It should only affect users who authenticate with a username only, without a domain.
The only effect is to add the domain name to the username.
You could perhaps test, by logging in as just "user" and then as "user at example.co.jp" and make sure everything behaves the same.
If everything behaves the same, then setting auth_default_realm should not do any harm.
In other words,
2009 Apr 06
1
virtual domains with SQL auth + ntlm (winbind) auth for one of them...
Hello !
Is it possible to configure dovecot so it can use SQL authentication
for set of domains, and ntlm authentication for one domain? In other
words, I would like to authenticate all users (with user at domain.com as
login) in SQL server, and if not found, then strip @windomain.com from
login and fallback to pam->winbind authentication. So far i have in my
dovecot.conf:
auth_default_realm
2019 Apr 15
0
Fwd: SOLR/Index?
Again, this doesn't help with doveadm running as the local user, and also
doesn't help with
the PAM authentication.
passdb {
driver = pam
#[session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=20]
#[cache_key=<key>] [<service name>]
args = failure_show_msg=yes session=yes max_requests=20
skip = authenticated
}
How can I default the domain for PAM
2020 Oct 29
2
dovecot quota-warning detection mail
Gedalya-san
You are currently logged in without a domain name.
Currently, "abc-xyz-unyo-sekkei" users have been converted to
"abc-xyz-unyo at example.co.jp".
(There is no "sekkei" in the address.)
Or just add "@example.co.jp"?
When it comes to "abc-xyz-unyo-sekkei at example.co.jp"
I can't send a mail.
Thank you.
morikawa
-----Original
2020 Oct 28
2
dovecot quota-warning detection mail
On 10/28/20 12:19 PM, ?? ?? wrote:
> <abc-xyz-unyo-sekkei>"
> "Recipient address rejected: User unknown in local recipient table"
If abc-xyz-unyo-sekkei is supposed to be abc-xyz-unyo-sekkei at example.co.jp then you could try to set in dovecot configuration:
auth_default_realm = example.co.jp
Then %u will contain the domain part too.
Otherwise, you could try to
2015 Mar 10
1
Different realm for different listeners?
Once upon a time, Tom Hendrikx <tom at whyscream.net> said:
> You could drop the default realm completely, and create a second
> passdb lookup which uses only the username part to lookup credentials.
> This means that, as long as you have no conflicts as usernames
> 'john at foo.com' vs 'john at bar.com', you'd be able to support username
> 'john'.