similar to: master user and ACL's

Hi, I understand from earlier discussions that the reason dovecot doesn't support proxying of other SASL mechanisms than those which supply the plaintext password is that in general it would be possible to proxy any SASL mechanism since it might protect against man-in-the-middle attacks (which would prevent proxying). However, that has led to choice between letting users use PLAIN (or

Greetings to all I need a masteruser/proxy account for some applications to be implemented and i am having some problems. Normal users are proxyied through ldap queries to the remote machine and this is working like it sopose to, but i can't make the master user to work. Below are both the dovecot.conf and dovecot-ldap.conf and verbose logs on the proxy machine. If i log directly on the

Hello list, i would like to use master user functionality in dovecot v1.2, but i just cant get it to work: Here?s my configuration: # dovecot -n # 1.2.9: /etc/dovecot.conf # OS: Linux 2.6.18-164.10.1.el5PAE i686 Red Hat Enterprise Linux Server release 5.4 (Tikanga) login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap):

First, excuse me because I don't speak english very well (perhaps this is the reason that I mess up something when reading the documentation). I have read the Howto, some Examples and the book and I have some doubts which I like to solve. Excuse me for the big post, too ;) My starting point: - 3 Debian Linux Samba Servers - 1 Windows XP SP3 Professional - 1 OpenLDAP Server (on another Debian

Hi. I''m using Apache2.2 built from source + mod-proxy + ssl + svn. Everything works fine but I''m sure you I could disable a ton of modules during the build process and in httpd.conf to speed things up and run a tighter memory footprint. Has anyone bothered building Apache2.2 from source disabling all the unneeded modules. I am planning on going through the Apache docs but I

I''ve seen a lot of issue regarding the stability of Rails apps. I''m charged with investigation of Rails for my company and I''ve looked at numerous fourms, groups, etc. (Textdrive, here, etc.) and it *seems* like there is a stability problem with Rails (ie: crashes, etc.) Is this as common as it looks, or is this tied to things like Lighttpd (web server) or Typo

Talking to myself again ;-) Samba-tool is working a little bit different then the silo/policy management on a Windows-DC. On a Windows-DC after assigning the user and host to the silo you have to assign the silo to the user and the host. When assigning the user and host to the silo with samba-tool, the assignment to the user and the host will be done at the same time. So now my policy looks

Hi Stefan, We had a long weekend in New Zealand, I'm catching up now to your emails. Some of the slight differences between Windows tools I've already picked up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm always open to learning what things are missing or different etc. On 23/10/23 02:58, Stefan Kania via samba wrote: > Talking to myself again ;-) > >

Thanks Rob for chiming in. Stefan, I do want to be very clear, one of the big challanges that we as developers face building these kind of tools is that we don't run AD domains day-to-day. So we really value good feedback on the ergonomics. If you can test with our work in progress, we are keen to adapt the tooling where possible to be more in line with what is 'naturally expected, so

1.2.9 is very outdated, install a recent version 2009-12-16 1.2.9 changeset | changelog | files vs 12 days ago Timo Sirainen Released v2.2.19. 2.2.19 Am 15.10.2015 um 13:12 schrieb Michal ?ila: > Hello list, > > i would like to use master user functionality in dovecot v1.2, but i just cant get it to work: > > Here?s my configuration: > > # dovecot -n > # 1.2.9:

I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or

[I sent this a while ago, but it seems not to have made it to the list. I'm resending it having subscribed first; I apologise if anyone get it twice.] I have been trying to get a Postfix mail server using Dovecot SASL to accept GSSAPI AUTH from another Postfix server using Cyrus SASL, and I believe I have found a couple of bugs in Dovecot's GSSAPI implementation. The first problem is

Hello all, I am trying to understand how SAMBA finds nearest Domain Controller when configured to use Active Directory for AuthN. There are some great articles and wikis about how to configure SAMBA against AD, but couldn't find much on what I was looking for. For example 1. Does Samba have built in dc locator functionality like windows clients ? 2. What is the default authN it uses, NTLM

Hello: I am working to implement certificate-based authentication for some internal applications. It would be very helpful to be able to pass information server-side by specifying some custom options via the Extensions of the signed certificate, allowing the authenticity of the options to be verified readily. However, I have not been able to find too much for specifying behaviors, etc.

I'd like to: 1) use samba3 as a PDC, and 2) not use LDAP as the account backend database, and 3) specify samba to use but use "encrypt passwords = true", and 4) use an ldap server as the authentication source for samba. Is that possible? I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN. However, the man page for smb.conf seems to

Hi list, I have a question on auth caching in 2.2.18. I am using acl_groups for a master user, appended in a static userdb file # snip ############################### master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ############################### and use this group in a global ACL file. I discovered this only works on first NOT-cached login

Hi all, We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries. When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells

HI! I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and description for CLI arg -O in ssh-keygen(1). It seems to me that there could be a 1:1 mapping between SSH cert extensions and authz key options by just adding prefix "permit-" to the key option. But the man pages differ regarding case of "permit-x11-forwarding" and "X11-forwarding". [1] also

Hi, I am configuring master-slave replication in a MariaDB 10.X over Centos 7.1 and I am having some troubles. When I configure the slave I use the following directies in my.cnf: ... master-host = 192.168.122.2 master-user = slave_user master-password = qwerty master-connect-retry = 60 ... But is seems that the daemon doesn't like them and it refuses to

Hi, I was looking into the new Authentication Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enfore this in a proxy running in front of several backends. This proxy does not authenticate. It use "nopassword". But I realize that the "succes" reported in the final authpolicy req. (command=report) is not what is