Displaying 20 results from an estimated 5000 matches similar to: "master user and ACL's"
2015 Feb 25
2
Proxying of non "plain" SASL mechnisms.
Hi,
I understand from earlier discussions that the reason dovecot doesn't
support proxying of other SASL mechanisms than those which supply the
plaintext password is that in general it would be possible to proxy any
SASL mechanism since it might protect against man-in-the-middle attacks
(which would prevent proxying).
However, that has led to choice between letting users use PLAIN (or
2009 Nov 30
1
Dovecot 1.2.x masteruser proxy problem
Greetings to all
I need a masteruser/proxy account for some applications to be implemented
and i am having some problems. Normal users are proxyied through
ldap queries to the remote machine and this is working like it sopose to,
but i can't make the master user to work. Below are both the dovecot.conf
and dovecot-ldap.conf and verbose logs on the proxy machine.
If i log directly on the
2015 Oct 15
4
master user in dovecot 1.2
Hello list,
i would like to use master user functionality in dovecot v1.2, but i just cant get it to work:
Here?s my configuration:
# dovecot -n
# 1.2.9: /etc/dovecot.conf
# OS: Linux 2.6.18-164.10.1.el5PAE i686 Red Hat Enterprise Linux Server release 5.4 (Tikanga)
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap):
2010 Sep 03
1
Multiple Samba PDCs doubt
First, excuse me because I don't speak english very well (perhaps this
is the reason that I mess up something when reading the documentation).
I have read the Howto, some Examples and the book and I have some doubts
which I like to solve. Excuse me for the big post, too ;)
My starting point:
- 3 Debian Linux Samba Servers
- 1 Windows XP SP3 Professional
- 1 OpenLDAP Server (on another Debian
2006 Aug 24
9
[slightly offtopic] A small, fast Apache2.2 (if there is such a thing)
Hi.
I''m using Apache2.2 built from source + mod-proxy + ssl + svn.
Everything works fine but I''m sure you I could disable a ton of
modules during the build process and in httpd.conf to speed things up
and run a tighter memory footprint.
Has anyone bothered building Apache2.2 from source disabling all the
unneeded modules.
I am planning on going through the Apache docs but I
2006 Aug 29
28
Stability of Rails
I''ve seen a lot of issue regarding the stability of Rails apps. I''m
charged with investigation of Rails for my company and I''ve looked at
numerous fourms, groups, etc. (Textdrive, here, etc.) and it *seems*
like there is a stability problem with Rails (ie: crashes, etc.) Is
this as common as it looks, or is this tied to things like Lighttpd (web
server) or Typo
2023 Oct 22
1
Question about silos and Authentication policies
Talking to myself again ;-)
Samba-tool is working a little bit different then the silo/policy
management on a Windows-DC.
On a Windows-DC after assigning the user and host to the silo you have
to assign the silo to the user and the host. When assigning the user and
host to the silo with samba-tool, the assignment to the user and the
host will be done at the same time. So now my policy looks
2023 Oct 23
2
Question about silos and Authentication policies
Hi Stefan,
We had a long weekend in New Zealand, I'm catching up now to your emails.
Some of the slight differences between Windows tools I've already picked
up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm
always open to learning what things are missing or different etc.
On 23/10/23 02:58, Stefan Kania via samba wrote:
> Talking to myself again ;-)
>
>
2023 Oct 23
2
Question about silos and Authentication policies
Thanks Rob for chiming in.
Stefan,
I do want to be very clear, one of the big challanges that we as
developers face building these kind of tools is that we don't run AD
domains day-to-day. So we really value good feedback on the
ergonomics.
If you can test with our work in progress, we are keen to adapt the
tooling where possible to be more in line with what is 'naturally
expected, so
2015 Oct 15
0
master user in dovecot 1.2
1.2.9 is very outdated, install a recent version
2009-12-16 1.2.9 changeset | changelog | files
vs
12 days ago Timo Sirainen Released v2.2.19. 2.2.19
Am 15.10.2015 um 13:12 schrieb Michal ?ila:
> Hello list,
>
> i would like to use master user functionality in dovecot v1.2, but i just cant get it to work:
>
> Here?s my configuration:
>
> # dovecot -n
> # 1.2.9:
2024 Feb 08
2
Authentication using federated identity
I know that there are some methods to use federated identities (e.g.
OAuth2) with SSH authentication but, from what I've seen, they largely
seem clunky and require users to interact with web browsers to get one
time tokens. Which is sort of acceptable for occasional logins but
doesn't work with automated/scripted actions.
I'm just wondering if anyone has done any work on this or
2012 Jul 14
1
[PATCH] Interop problem with Cyrus SASL and GSSAPI
[I sent this a while ago, but it seems not to have made it to the list.
I'm resending it having subscribed first; I apologise if anyone get it
twice.]
I have been trying to get a Postfix mail server using Dovecot SASL to
accept GSSAPI AUTH from another Postfix server using Cyrus SASL, and I
believe I have found a couple of bugs in Dovecot's GSSAPI
implementation.
The first problem is
2012 May 09
2
AD and SAMBA
Hello all,
I am trying to understand how SAMBA finds nearest Domain Controller when
configured to use Active Directory for AuthN.
There are some great articles and wikis about how to configure SAMBA
against AD, but couldn't find much on what I was looking for.
For example
1. Does Samba have built in dc locator functionality like windows
clients ?
2. What is the default authN it uses, NTLM
2019 May 21
2
OpenSSH Certificate Extensions
Hello:
I am working to implement certificate-based authentication for some
internal applications. It would be very helpful to be able to pass
information server-side by specifying some custom options via the
Extensions of the signed certificate, allowing the authenticity of the
options to be verified readily. However, I have not been able to find too
much for specifying behaviors, etc.
2012 May 15
1
would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
I'd like to:
1) use samba3 as a PDC, and
2) not use LDAP as the account backend database, and
3) specify samba to use but use "encrypt passwords = true", and
4) use an ldap server as the authentication source for samba.
Is that possible?
I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN.
However, the man page for smb.conf seems to
2015 Aug 05
3
question on autch cache parameters
Hi list,
I have a question on auth caching in 2.2.18.
I am using acl_groups for a master user, appended in a static userdb file
# snip ###############################
master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster
allow_nets=127.0.0.1
# snap ###############################
and use this group in a global ACL file.
I discovered this only works on first NOT-cached login
2020 Sep 28
1
custom userdb server, Exim, and proxying
Hi all,
We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries.
When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells
2018 Jan 12
2
SSH cert extensions and authz key options
HI!
I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and
description for CLI arg -O in ssh-keygen(1).
It seems to me that there could be a 1:1 mapping between SSH cert
extensions and authz key options by just adding prefix "permit-" to the
key option.
But the man pages differ regarding case of "permit-x11-forwarding" and
"X11-forwarding". [1] also
2015 Nov 12
1
MariaDB 10.X Master-Slave Replication
Hi,
I am configuring master-slave replication in a MariaDB 10.X over Centos 7.1
and I am having some troubles.
When I configure the slave I use the following directies in my.cnf:
...
master-host = 192.168.122.2
master-user = slave_user
master-password = qwerty
master-connect-retry = 60
...
But is seems that the daemon doesn't like them and it refuses to
2017 Dec 14
4
auth_policy in a non-authenticating proxy chain
Hi,
I was looking into the new Authentication Policy feature:
https://wiki2.dovecot.org/Authentication/Policy
I had kinda hoped that I would be able to enfore this in a proxy running
in front of several backends. This proxy does not authenticate. It use
"nopassword".
But I realize that the "succes" reported in the final authpolicy req.
(command=report) is not what is