Re: table-passwd

2019-09-23 Thread Joerg Jung



> On 23. Sep 2019, at 19:09, Edgar Pettijohn  wrote:
> 
> 
> On Sep 23, 2019 11:58 AM, Joerg Jung  wrote:
>> 
>> 
>> 
>>> On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
>>> 
>>> September 17, 2019 11:41 PM, "Edgar Pettijohn"  
>>> wrote:
>>> 
>>>> On Sep 17, 2019 9:05 AM, Gilles Chehade  wrote:
>>>> 
>>>>> Hello,
>>>>> 
>>>>> Is there anyone using table-passwd for _any_ other purposes than sharing
>>>>> with Dovecot ?
>>>>> 
>>>>> I have built a fully virtual setup which shares credentials with Dovecot
>>>>> and since I managed to do it _without_ table-passwd I'm wondering if the
>>>>> table backend is really useful and if it was not created because someone
>>>>> had overlooked the first few lines of the Dovecot documentation stating:
>>>>> 
>>>>> "For a password database, it's enough to have only the user and password
>>>>> fields."
>>>>> 
>>>> 
>>>> Not actually using it, but for dovecot to use it as a userdb as well as a 
>>>> passdb it needs the
>>>> additional fields.
>>>> 
>>> 
>>> ok so I'm misunderstanding the use-case, let me explain why I'm curious:
>>> 
>>> I wrote table-passwd because I was told that if you wanted to create a 
>>> virtual setup,
>>> backed by one single user, you needed to have a passwd(5)-format file for 
>>> Dovecot and
>>> share that with OpenSMTPD.
>>> 
>>> But then I did a fully virtual setup for myself and I didn't use 
>>> table-passwd, so the
>>> rationale behind it falls a bit apart for me, unless there's other 
>>> use-cases.
>>> 
>>> On my setup, file /etc/mail/accounts is a simple two columns 
>>> username/password table:
>>> 
>>> # head -1 /etc/mail/accounts.txt 
>>> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
>>> #
>>> 
>> [...]
>>> 
>>> This allows both OpenSMTPD and Dovecot to authenticate accounts that are 
>>> not system
>>> users, allows OpenSMTPD to drop mail to a maildir owned by system account 
>>> in charge
>>> of virtual accounts and allows Dovecot to properly serve these accounts.
>>> 
>>> Am I missing your use-cases here ?
>>> 
>> 
>> Yes, this is perfectly fine for simpler cases, but as someone else 
>> mentioned in this thread earlier already:
>> Dovecot passdb knows about additional fields, in particular 
>> to specify user specific quotas (usually rather important in 
>> virtual user setups). table-passwd can handle/ignore these 
>> extra_fields correctly. So my passwd file lines look like this:
>> f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G
>> 
>> 
>> 
> 
> I'm guessing you are looking for fat to trim. Personally I like it as is. 
> Just my two cents.
> 

Maybe just teach smtpd to ignore everything in credentials table(5) 
after the second column could do the trick and would make table-passwd
completely obsolete.
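
The suggestion above, sketched as an added example (not OpenSMTPD or table-passwd code; the function name `parse_credentials`, the sample lines and the placeholder hash are hypothetical): keep only the first two colon-separated columns, so Dovecot extra fields are ignored even when their values contain `:` themselves, as in the quota rule quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not OpenSMTPD code: split "user:password[:rest]" and
 * keep only the first two columns. Returns 0 on success, -1 for comments,
 * blank or malformed lines, or fields that do not fit the buffers. */
int
parse_credentials(const char *line, char *user, size_t ulen,
    char *pass, size_t plen)
{
	const char *sep, *start;
	size_t n;

	if (line[0] == '#' || line[0] == '\n' || line[0] == '\0')
		return -1;
	if ((sep = strchr(line, ':')) == NULL || sep == line)
		return -1;		/* no separator, or empty user */
	n = (size_t)(sep - line);
	if (n >= ulen)
		return -1;
	memcpy(user, line, n);
	user[n] = '\0';

	/* crypt(3)-style hashes contain no ':', so the second column ends at
	 * the next ':' or at end of line; everything after it is ignored */
	start = sep + 1;
	n = strcspn(start, ":\r\n");
	if (n == 0 || n >= plen)
		return -1;		/* reject an empty password column */
	memcpy(pass, start, n);
	pass[n] = '\0';
	return 0;
}

int
main(void)
{
	/* constructed sample lines; the hash is a placeholder */
	const char *lines[] = {
		"alice@example.org:$2b$09$PLACEHOLDER\n",
		"bob@example.org:$2b$09$PLACEHOLDER::userdb_quota_rule=*:storage=10G\n",
		"carol@example.org:::userdb_quota_rule=*:storage=1G\n",
	};
	char user[256], pass[256];
	for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		if (parse_credentials(lines[i], user, sizeof(user), pass, sizeof(pass)) == 0)
			printf("%s:%s\n", user, pass);
	return 0;
}
```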





Re: table-passwd

2019-09-23 Thread Joerg Jung


> On 23. Sep 2019, at 18:58, Joerg Jung  wrote:
> 
> 
> 
>> On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
>> 
>> September 17, 2019 11:41 PM, "Edgar Pettijohn"  
>> wrote:
>> 
>>> On Sep 17, 2019 9:05 AM, Gilles Chehade  wrote:
>>> 
>>>> Hello,
>>>> 
>>>> Is there anyone using table-passwd for _any_ other purposes than sharing
>>>> with Dovecot ?
>>>> 
>>>> I have built a fully virtual setup which shares credentials with Dovecot
>>>> and since I managed to do it _without_ table-passwd I'm wondering if the
>>>> table backend is really useful and if it was not created because someone
>>>> had overlooked the first few lines of the Dovecot documentation stating:
>>>> 
>>>> "For a password database, it's enough to have only the user and password
>>>> fields."
>>>> 
>>> 
>>> Not actually using it, but for dovecot to use it as a userdb as well as a 
>>> passdb it needs the
>>> additional fields.
>>> 
>> 
>> ok so I'm misunderstanding the use-case, let me explain why I'm curious:
>> 
>> I wrote table-passwd because I was told that if you wanted to create a 
>> virtual setup,
>> backed by one single user, you needed to have a passwd(5)-format file for 
>> Dovecot and
>> share that with OpenSMTPD.
>> 
>> But then I did a fully virtual setup for myself and I didn't use 
>> table-passwd, so the
>> rationale behind it falls a bit apart for me, unless there's other use-cases.
>> 
>> On my setup, file /etc/mail/accounts is a simple two columns 
>> username/password table:
>> 
>> # head -1 /etc/mail/accounts.txt 
>> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
>> #
>> 
> [...]
>> 
>> This allows both OpenSMTPD and Dovecot to authenticate accounts that are not 
>> system
>> users, allows OpenSMTPD to drop mail to a maildir owned by system account in 
>> charge
>> of virtual accounts and allows Dovecot to properly serve these accounts.
>> 
>> Am I missing your use-cases here ?
>> 
> 
> Yes, this is perfectly fine for simpler cases, but as someone else 
> mentioned in this thread earlier already:
> Dovecot passdb knows about additional fields, in particular 
> to specify user specific quotas (usually rather important in 
> virtual user setups). table-passwd can handle/ignore these 
> extra_fields correctly. So my passwd file lines look like this:
> f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G

Just for reference, these "extra_fields" seem documented 
nowadays here:
https://doc.dovecot.org/configuration_manual/authentication/user_database_extra_fields/
https://doc.dovecot.org/configuration_manual/authentication/password_database_extra_fields/
 






Re: table-passwd

2019-09-23 Thread Edgar Pettijohn

On Sep 23, 2019 11:58 AM, Joerg Jung  wrote:
>
>
>
> > On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
> > 
> > September 17, 2019 11:41 PM, "Edgar Pettijohn"  
> > wrote:
> > 
> >> On Sep 17, 2019 9:05 AM, Gilles Chehade  wrote:
> >> 
> >>> Hello,
> >>> 
> >>> Is there anyone using table-passwd for _any_ other purposes than sharing
> >>> with Dovecot ?
> >>> 
> >>> I have built a fully virtual setup which shares credentials with Dovecot
> >>> and since I managed to do it _without_ table-passwd I'm wondering if the
> >>> table backend is really useful and if it was not created because someone
> >>> had overlooked the first few lines of the Dovecot documentation stating:
> >>> 
> >>> "For a password database, it's enough to have only the user and password
> >>> fields."
> >>> 
> >> 
> >> Not actually using it, but for dovecot to use it as a userdb as well as a 
> >> passdb it needs the
> >> additional fields.
> >> 
> > 
> > ok so I'm misunderstanding the use-case, let me explain why I'm curious:
> > 
> > I wrote table-passwd because I was told that if you wanted to create a 
> > virtual setup,
> > backed by one single user, you needed to have a passwd(5)-format file for 
> > Dovecot and
> > share that with OpenSMTPD.
> > 
> > But then I did a fully virtual setup for myself and I didn't use 
> > table-passwd, so the
> > rationale behind it falls a bit apart for me, unless there's other 
> > use-cases.
> > 
> > On my setup, file /etc/mail/accounts is a simple two columns 
> > username/password table:
> > 
> > # head -1 /etc/mail/accounts.txt 
> > gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
> > #
> > 
> [...]
> > 
> > This allows both OpenSMTPD and Dovecot to authenticate accounts that are 
> > not system
> > users, allows OpenSMTPD to drop mail to a maildir owned by system account 
> > in charge
> > of virtual accounts and allows Dovecot to properly serve these accounts.
> > 
> > Am I missing your use-cases here ?
> > 
>
> Yes, this is perfectly fine for simpler cases, but as someone else 
> mentioned in this thread earlier already:
> Dovecot passdb knows about additional fields, in particular 
> to specify user specific quotas (usually rather important in 
> virtual user setups). table-passwd can handle/ignore these 
> extra_fields correctly. So my passwd file lines look like this:
> f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G
>
>
>

I'm guessing you are looking for fat to trim. Personally I like it as is. Just 
my two cents.

Edgar