[Courier-imap] Virtual users mapped to system users

2011-05-20 Thread Raj Mathur (राज माथुर) 
Hi,

I'm trying to set up an IMAP server for virtual users with the following 
characteristics:

- Server is handling multiple mail domains, say "foo.com" and "bar.com".

- Mail for x...@foo.com gets delivered to system user x.foo.com; mail for 
x...@bar.com gets delivered to system user x.bar.com.

Now is it possible to have Courier IMAP handle logins of the form 
"x...@foo.com" and "x...@bar.com" and authenticate them against the 
corresponding system users "x.foo.com" and "x.bar.com"?  A non-database 
solution would be preferred.

Regards,

-- Raj
-- 
Raj Mathurr...@kandalaya.org  http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
PsyTrance & Chill: http://schizoid.in/   ||   It is the mind that moves

--
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its 
next-generation tools to help Windows* and Linux* C/C++ and Fortran 
developers boost performance applications - including clusters. 
http://p.sf.net/sfu/intel-dev2devmay
___
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

Re: [Courier-imap] Virtual users mapped to system users

2011-05-21 Thread Manvendra Bhangui 
2011/5/21 Raj Mathur (राज माथुर) 

> Hi,
>
> I'm trying to set up an IMAP server for virtual users with the following
> characteristics:
>
> - Server is handling multiple mail domains, say "foo.com" and "bar.com".
>
> - Mail for x...@foo.com gets delivered to system user x.foo.com; mail for
> x...@bar.com gets delivered to system user x.bar.com.
>
> Now is it possible to have Courier IMAP handle logins of the form
> "x...@foo.com" and "x...@bar.com" and authenticate them against the
> corresponding system users "x.foo.com" and "x.bar.com"?  A non-database
> solution would be preferred.
>
>
imaplogin/pop3login supplies the username and password on fd 3 to
authmodules. Hence you can intercept it by putting your own program in
AUTHMODULES in imapd configuration. If your program is transform then you
can have (just as an example)

AUTHMODULES="transform authpam authshadow"

Your script 'transform' which intercepts the username and transforms it can
be like this

#!/bin/sh
if [ $# -lt 2 ] ; then
echo "Incorrect arguments" 1>&2
echo "AUTHFAILURE" 1>&2
exit 2
fi
AWK=$(which awk)
var=`cat 0<&3`
USER=`echo $var | cut -d ' ' -f3`
PASSWORD=`echo $var | cut -d ' ' -f4`
user=$(echo $USER | $AWK -F'@' '{print $1}')
domain=$(echo $USER | $AWK -F'@' '{print $2}')
if [ -z $domain ] ; then
domain=$DEFAULT_DOMAIN
fi
if [ $# -lt 3 ] ; then
echo "transform: no more modules will be tried" 1>&2
echo "AUTHFAILURE" 1>&2
exit 1
fi

exec 4>/tmp/transform.$$ 3&4
# call the next auth module on command line
exec $*

Regards Manvendra - http://www.indimail.org
--
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its 
next-generation tools to help Windows* and Linux* C/C++ and Fortran 
developers boost performance applications - including clusters. 
http://p.sf.net/sfu/intel-dev2devmay___
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

Re: [Courier-imap] Virtual users mapped to system users

2011-05-21 Thread Sam Varshavchik 

Manvendra Bhangui writes:


« HTML content follows »
2011/5/21 Raj Mathur (राज माथुर) r...@linux-delhi.org>



   Hi,

   I'm trying to set up an IMAP server for virtual users with the following
   characteristics:

   - Server is handling multiple mail domains, say
   "http://foo.com>foo.com" and "http://bar.com>bar.com".

   - Mail for mailto:x...@foo.com>x...@foo.com gets delivered to system 
user
   http://x.foo.com>x.foo.com; mail for
   mailto:x...@bar.com>x...@bar.com gets delivered to system user
   http://x.bar.com>x.bar.com.

   Now is it possible to have Courier IMAP handle logins of the form
   "mailto:x...@foo.com>x...@foo.com" and 
"mailto:x...@bar.com>x...@bar.com"
   and authenticate them against the
   corresponding system users "http://x.foo.com>x.foo.com" and
   "http://x.bar.com>x.bar.com"?  A non-database
   solution would be preferred.




imaplogin/pop3login supplies the username and password on fd 3 to  
authmodules. Hence you can intercept it by putting your own program in  
AUTHMODULES in imapd configuration.


No, you can't. That's how it used to work many years ago, but not for a long  
time. If you want to use your own custom module, you have to install a  
shared library that implements a specific API.


The pw2userdb script can be used to read the system password file and create  
a corresponding userdb file, then user makeuserdb, and use the userdb  
authentication module. You will need to do some basic post-processing on the  
output of pw2userdb, to adjust the userids accordingly.


Or, use the authpipe module with a custom authpipe script.




pgpC0Uk5C5wN5.pgp
Description: PGP signature
--
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its 
next-generation tools to help Windows* and Linux* C/C++ and Fortran 
developers boost performance applications - including clusters. 
http://p.sf.net/sfu/intel-dev2devmay___
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap