Hello,
Still busy with details...
Considering, as in my previous example, a password_query returning '!' or NULL
for the "nologin" column, depending on an account's status (suspended or not).
Let's consider a suspended user "some.user".
In the case of a successful authentication, one has:
sh-3.2# doveadm auth test some.user goodpassword; echo $?
passdb: some.user auth succeeded
extra fields:
user=some.user
nologin
0
On the other hand, in the case of an authentication failure:
sh-3.2# doveadm auth test some.user badpassword; echo $?
passdb: some.user auth failed
extra fields:
user=some.user
nologin=!
77
So, this is similar to what happens in a connection (pop3, imap...): when
present, the nologin info is always taken into account, even in the case of an
authentication failure.
Again, this may raise some concerns about the consistency of such a behavior.
Is this guaranteed to always behave that way, because of some rationale I'm
currently missing, or does it go about some overlooked combination, liable to
be inadvertently "corrected" in the future?
I haven't been able to find a definitive answer in the wiki or in the code
about such matters.
This is particularly important in the case of doveadm, since its output
requires parsing for extracting such informations (the exit code alone isn't
sufficient); should above behavior be changed without notice, and a script
could suddenly take the worst decisions...
BTW, why:
nologin
in the first output, and:
nologin=!
in the second output?
TIA,
Axel
