Hi, thanks everybody, this afternoon I apply the suggestion
and I test the solution.

I post the actual configuration that I will test:

The vmail user is present too; I created SSH keys (ssh-keygen) for the
vmail user and its home directory,
and permitted ssh with no password as user vmail on the two servers. Then I
use the configuration below.

Do I leave the line below commented, or do I need to activate it? Excuse me,
but I don't understand clearly because of my terrible English.

#dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}

and apply this on two servers

   service doveadm {
        # if you're using a single virtual user, set this to start ssh as vmail
        # (not root)
        #
        user = vmail
   }

   service config {
        # needed to grant access to /var/run/dovecot/config for service doveadm
        #
        unix_listener config {
                user = vmail
        }
   }

Thanks everybody

On 15 March 2012 22:55, Timo Sirainen <t...@iki.fi> wrote:
> Plus the scripts that
>
> 1) when calling ssh dsync first writes the username to stdout (before dsync 
> starts communicating)
>
> and
>
> 2) dsync.sh on remote first reads the username from stdin, before execing 
> dsync itself
>
> Because it's not possible to give -u $username parameter in the 
> authorized_keys cmd itself. That's the only changing parameter that is needed.
>
> On 15.3.2012, at 23.49, David Ford wrote:
>
>> in ~privilegeduser/.ssh/authorized_keys:
>>
>> from=<list of hosts key is valid for> cmd=dsync.sh pubkey...
>>
>> On 03/15/2012 05:05 PM, Timo Sirainen wrote:
>>> Then again it's safer to use system user accounts than a single vmail 
>>> account that has access to everyone's emails. And if you allow ssh login 
>>> only with public key authentication I don't think there are many security 
>>> issues. And finally, it would be possible to write a small wrapper that 
>>> allows the root's public key auth to only execute dsync-user.sh script that 
>>> can't do anything except sync a specified user's mails.
>>
>



-- 
Respect the environment: if you don't need to, don't print this email.
******************************************
Ing. Matteo Cazzador
Email: mcazza...@gmail.com
******************************************
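
The remote-side wrapper described in the quoted replies (read the username from stdin, validate it, then exec dsync), as an added example that is not code from the thread or from Dovecot. The script path, the `--serve` argument, the host name and the accepted username character set are assumptions.

```shell
#!/bin/sh
# dsync.sh: forced-command wrapper for the remote side (added example).
# Assumed authorized_keys entry; host name, path and key are placeholders:
#   from="mx1.example.org",command="/usr/local/bin/dsync.sh --serve",
#   no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public key>
# (one line in the real file; wrapped here for readability)
LC_ALL=C; export LC_ALL

# Accept only names that look like mail users: bounded length, no leading
# '-' or '.', and nothing outside a conservative character set (assumed).
valid_user() {
    u=$1
    [ -n "$u" ] && [ "${#u}" -le 128 ] || return 1
    case $u in
        -*|.*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Read exactly one complete line (the username) from stdin. The read builtin
# consumes a pipe byte by byte, so the dsync data that follows stays unread
# and is inherited by the exec'd process.
read_user() {
    IFS= read -r name || return 1
    valid_user "$name" || return 1
    printf '%s\n' "$name"
}

serve() {
    # The key can only run this script; any command the client asked for
    # is ignored and noted in syslog.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        logger -t dsync.sh "ignored requested command from ${SSH_CLIENT%% *}"
    fi
    user=$(read_user) || { logger -t dsync.sh "rejected username"; exit 1; }
    exec doveadm dsync-server -u "$user"
}

# Only act when started as the forced command (hypothetical --serve argument).
if [ "${1:-}" = "--serve" ]; then serve; fi
```

The sending side has to write the username followed by a newline before it relays dsync's own traffic, as the first quoted step says.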
