similar to: auth_default_realm, pam_krb5, gssapi

Hi. Is it possible to use GSSAPI authentication and deny passdb together? Seems it doesn't work as I expect: GSSAPI doesn't check deny passdb, so I'm not able to restrict access to GSSAPI-users. I can see these in logs when user tries to connect with PLAIN authentication (via pam_krb5): Oct 4 11:14:31 vm03 auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser

Hi, I have more postfix smtpd instances (via master.cf) listening on different ports, and the FW passes the inbound mail submit connections to the right port. The problem: it seems postfix is not able to append "default realm" and I need to set different values for the instances. As far as I see, it's not possible as postfix only passes the base64 encoded string from the user to the

We provide POP3 service for several realms, each of which has a substantial number of users logging in with no realm (bare username). We would like to use Dovecot, but I haven't been able to findout how to vary auth_default_realm for each listener. My most recent attempt was to set up one auth {} block for each realm with a different auth_default_realm and socket master path. I then set up

Hello, I'm using proxy_maybe and auth_default_realm. It seems that when a user logs in without the domain name, relying on auth_default_realm, and the "host" field points to the local server, I get the Proxying loops to itself error. It does work as expected - log on to the local server without proxying, if the user does include the domain name in the login. (IP's and

Hi! I have a patch and several thoughts about FTS in dovecot. I. SOLR v5.1 and above doesn't allow GET /select queries with Content-Type header set, so, I just removed it from the code: --- dovecot-2.2.18/src/plugins/fts-solr/solr-connection.c 2015-05-13 17:14:45.000000000 +0300 +++ dovecot-2.2.18.patch/src/plugins/fts-solr/solr-connection.c 2015-09-27 19:47:40.363843359 +0300 @@ -432,7

Hi Dovecot-Mailinglist! I try to install a new Dovecot-Server with Kerberos-Authentification (Kerberos-Server is already authenticating user-account ). The following error-notice occurs when I use mail-programm Gnome Evolution to access IMAP-Account: "Ordner konnte nicht ge?ffnet werden (Folder can not be opened) The reported error was "GSSAPI-Legitimation ist fehlgeschlagen".

Is there a way to specify global fields for passwd-file DB? Currently interested in "home" for userdb and "allow_nets" for passworddb. The next doesn't work, of course: passdb passwd-file { args = username_format=%n allow_nets=127.0.0.1 /etc/dovecot/dovecot.passwd.%d } userdb passwd-file { args = username_format=%n home=/var/mail/%d/%n

Hi all, I've got a Dovecot v2.3.3 IMAP with GSSAPI auth set up. This server is in main domain, 'contoso.com'. I also have several subdomains. My problem is usernames with GSSAPI authentication: When I try to login as 'user' or as 'user at CONTOSO.COM' - everything works. But, 'user at contoso.com' auth fails. But when I try to login as subdomain user,

Hi, My IMAP backend server is lacking SSO authentication, so I am trying to set up Dovecot in front of it as an authenticating proxy. Fortunately, my backend server provides a way to ignore the password provided and will simply trust the username given to be authenticated, using plain login authentication. I'm struggling with setting this up, as it seems to me that as soon as I enable

Hi. I had working Exim 4.71 and Dovecot 1.2.9 SASL configuration on Ubuntu Lucid, but needed some features from dovecot2, so I installed 2.0.13 from https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 . Now I get Subj error while trying to authenticate via dovecot auth-client socket. However IMAP auth works fine with 2.0.13 and smtp auth worked fine until upgrade, so I think

Hello, My dovecot server (2.0.18 on FreeBSD 9) has multiple interface. I would like to configure the authentication (pop and imap) to append different domain according to the local IP address. I've tested this: local 10.0.0.1 { auth_default_realm = domain1.com } local 10.0.0.2 { auth_default_realm = domain2.com } But it doesn't work. I get this error message: doveconf: Fatal:

Gedalya-san I have a question. Currently, there are thousands of users. (In multi-domain) The setting of "auth_default_realm = example.co.jp" is Is it possible to set without affecting the current user? Thank you. -----Original Message----- From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of ????? Sent: Wednesday, October 28, 2020 4:16 PM To: 'Gedalya'

The dovecot instance set up with auth_realms and auth_default_realm variables and it is working well. In saslauthd configurations setting same variables giving configuration parsing error (I think it is not right way to configure kerberos realm in saslauthd). However testsaslauthd working without any problems even if I don't specify realm parameter from command line. On 03/10/17 06:17,

Hello, I'm using dovecot 2.1.1 with vpopmail 5.4.30 with multiples domains and I have problems setting up synchronization in between multiple computers. All act like master (my clients can connect to any of the them and read their emails either via POP3 either via IMAP, inbound email gets on any of the machines). Each machine is on a different continent, there is no shared drive in between

It should only affect users who authenticate with a username only, without a domain. The only effect is to add the domain name to the username. You could perhaps test, by logging in as just "user" and then as "user at example.co.jp" and make sure everything behaves the same. If everything behaves the same, then setting auth_default_realm should not do any harm. In other words,

Hello ! Is it possible to configure dovecot so it can use SQL authentication for set of domains, and ntlm authentication for one domain? In other words, I would like to authenticate all users (with user at domain.com as login) in SQL server, and if not found, then strip @windomain.com from login and fallback to pam->winbind authentication. So far i have in my dovecot.conf: auth_default_realm

Again, this doesn't help with doveadm running as the local user, and also doesn't help with the PAM authentication. passdb { driver = pam #[session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=20] #[cache_key=<key>] [<service name>] args = failure_show_msg=yes session=yes max_requests=20 skip = authenticated } How can I default the domain for PAM

Gedalya-san You are currently logged in without a domain name. Currently, "abc-xyz-unyo-sekkei" users have been converted to "abc-xyz-unyo at example.co.jp". (There is no "sekkei" in the address.) Or just add "@example.co.jp"? When it comes to "abc-xyz-unyo-sekkei at example.co.jp" I can't send a mail. Thank you. morikawa -----Original

On 10/28/20 12:19 PM, ?? ?? wrote: > <abc-xyz-unyo-sekkei>" > "Recipient address rejected: User unknown in local recipient table" If abc-xyz-unyo-sekkei is supposed to be abc-xyz-unyo-sekkei at example.co.jp then you could try to set in dovecot configuration: auth_default_realm = example.co.jp Then %u will contain the domain part too. Otherwise, you could try to

Once upon a time, Tom Hendrikx <tom at whyscream.net> said: > You could drop the default realm completely, and create a second > passdb lookup which uses only the username part to lookup credentials. > This means that, as long as you have no conflicts as usernames > 'john at foo.com' vs 'john at bar.com', you'd be able to support username > 'john'.