similar to: pam_ldap + nss_ldap, su(1), group wheel and pam_group

Hi, I am using pam_group.so to add some additional groups to the users. However, although Samba obeys pam restrictions, it obeys only "session" type of management. pam_group.so, however can be used only with auth. That's why if a user logs in through Samba it won't have a particular group added and so not enough permissions to work with a share. How else can I add a group to a

I am trying to track down the cause of some errors that have been occurring on a number of our servers using LDAP. We have noticed that when a certain LDAP group exceeds 65 users we begin seeing glibc errors for users in the group. Users that are not in the group do not exhibit this behavior. We have seen this issue on machines running Centos 4.5 x86 & x86_64 with glibc-2.3.4-2.36 and RH4

Hello all I am new to dovecot and I have some troubles to make it working on a FreeBSD 6.0 box On this machine I have nss_ldap + pam_ldap working to login users but dovecot is not working for "ldap" users, it works only for users that are "really" in /etc/passwd file. I have configured dovecot to use the passwd auth mechanism as the OS is suppose to do the job, but it

I'm (finally) getting around to putting a backup LDAP authentication server on my network. The backup uses syncrepl to grab the database, and to my eyes both LDAP servers answer read queries identically. I'm testing the client side of this configuration on virtual CentOS 5 i386 machine. /etc/ldap.conf reads ----- %< ----- base dc=DOMAIN,dc=com timelimit 30 bind_timelimit 30

Hello, Dovecot. I'm using postfix + dovecot with pure virtual users. postfix uses standard virtual transport, and dovecot fetches such fields from userdb: chroot: "/usr/home/hosted/v-mail/%d/%n" home: "/" mail: "maildir:." Everything works Ok -- dovecot founds users' mail. Now, after upgrade to dovecot2, I want to use it LMTP server as

Hello, Dovecot. Does dovecot sieve supports variable extension (rfc5229)? It is very useful for users with large amount of mailing lists, as it allows to write only one rule for all lists (filtering by List-Id). If it is not supported, is here any plans to support it? I can try to implement it, but I don't want to duplicate work, if somebody has this extension in pipeline. -- //

Hello, Dovecot. I want to migrate to webmail (roundcube) over dovecot + sieve (pigeonhole). Now I'm using on-client (The Bat!) filters, but I need to have acccess to my mail everywhere, not only on my workstation. And I wonder, is here simple way to re-filter INBOX after sieve filters have been changed? Any offline (desktop) mail client could run new filters on old messages -- is

Hello, Dovecot. Now, with enabled "recipient_delimiter = +", "lmtp_save_to_detail_mailbox" and using LMTP, messages with "detail" in address, are placed in auto-created mailboxes. It is great, but what if I want to put all such mailboxes not in inbox directly, but lower in mailbox hierarchy? Is it possible without using sieve? -- // Black Lion AKA Lev

Hello, Dovecot. Is it possible to write one rule in sieve, which will: (1) Trigger on any message with "List-Id" header AND (2) Put this message to folder with name build from content of "List-Id" header, in such way, that message with List-Id List-Id: This is decription of list <list-name.host.org> will be put into folder "org.host.list-name" where

Hello, Freebsd-stable. I installed 7.1-STABLE on my new Soekris net5501. Kernel config is in attach. This unit lock up in strange way every day. It is pingable, but no access to host on any network protocol (sshd, named, etc are not answering), and serial console (only one this unit has) DOESN'T ANSWER too! Only way to un-freeze it is cold reboot. I've thought, it is

Hello, Freebsd-security. I want to create mixed audit class for ``security-sensible'' events. For example, I need to audit: exec*() syscalls from standard `pc' class, but not wait4() or fork(), because fork() is not interesting (new process image is security-sensible, not new process itself) and occurred too often and create noise. connect()/accept() from

Hello, Freebsd-security. I'm grepping all sources for programs, which support audit and found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call

Hello, Arne. I try to build storage server for my home (I have a LOT of media files) with FreeBSD 7, 5xHDD (WD 500Gb) and geom_raid5 ("simple" version from perforce, beacuse http://home.tiscali.de/cmdr_faako/geom_raid5.tbz is not patched for FreeBSD7). Array & FS were created with default arguments: # graid5 label storage ad6 ad8 ad10 ad12 ad14 # newfs -O2 -U /dev/raid5/storage

Hello dovecot, wiki mentions `deliver', but it doesn't include into 1.0.beta8 dovecot distribution. It can be downlaoded from CVS, and even contains two tags on files, that seems to eb release tags :) But what is official status of `deliver' tool? Is it stable, or experemental, or what? Are here any plans when it will be packaged ad announced? -- Best regards, Lev

Hello dovecot, I want to have all authorization in one place and don't use Cyrus-SASL. I cobfigure postfix 2.3.3 to use dovecot-SASL. I have next lines in main.cf: smtpd_sasl_security_options = noplaintext,noanonymous smtpd_sasl_tls_security_options = noanonymous But PLAIN and LOGIN are advertised by postfix :( Is it bug of postfix or dovecot-auth? I don't want to disable

Hello dovecot, It seems, that mail_chroot setting can't use variables. I try to set it to `%h' and it deosn't work :( Are here any security considerations, or it is bug? -- Best regards, Lev mailto:lev at serebryakov.spb.ru

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I've tried to use negative look-ahead in :regex match like this: if header :regex "List-Id" "<svn-([^-]+)-(?!all)([^.]+)\.freebsd\.org>" { ... } and manage-sieve server complains on save about such regex with diagnostic "repetition operator operand invalid" :( - -- Black Lion AKA Lev Serebryakov

I want to use SQLite database as storage for auth and user databases. I've encountered two problems here: (1) There is no way to open SQLite database read-only (via sqlite3_open_v2() call with SQLITE_OPEN_READONLY flag). It looks bad. I don't need (and want) to give dovecot rights to write to this database. (2) I've created system group "hostingdb", added

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 24.02.2016 21:49, james at lottspot.com wrote: > The only secure way to enforce read-only access on a sqlite > database is via filesystem permissions. I would recommend setting > your database to 640 and ensure that any modifying process runs > with the owning UID. dovecot CAN NOT open SQLite database with read-only permissions

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm migrating from ?old skool? solution with one mail client (MUA) on one computer, which retrieves mail via POP3, sorts it and manages it locally to installation when there are several MUAs on different devices, accessing mail via IMAP4, and all sorting and management should be server-side. Sorting is ?easy?: sieve. Here are some nuisance