subject:"\[Dovecot\] How to bypass checking of system users by virtual users\?"

Re: [Dovecot] How to bypass checking of system users by virtual users?

2008-10-05 Thread Dâniel Fraga

On Sun, 05 Oct 2008 19:31:20 +0300
Timo Sirainen <[EMAIL PROTECTED]> wrote:

> You probably also moved userdb static before userdb passwd, causing
> Dovecot to always use userdb static for everyone. So the order you want
> is:
> 
> 1. passdb passwd-file
> 2. passdb pam
> 3. userdb passwd
> 4. userdb static

Thank you very much! This order definitely solved the problem ;)

--

Re: [Dovecot] How to bypass checking of system users by virtual users?

2008-10-05 Thread Timo Sirainen

On Sun, 2008-10-05 at 13:27 -0300, Dâniel Fraga wrote:
> On Sun, 05 Oct 2008 18:59:10 +0300
> Timo Sirainen <[EMAIL PROTECTED]> wrote:
> 
> > If you don't set auth_debug=yes (and auth_verbose=yes? I'm not sure),
> > you won't see any error messages when real users log in.
> 
>   Would you believe that when I switch the order of the
> real/virtual users authentication configuration, the real users
> do not receive email anymore? I mean, the mail is in the mailbox, but
> dovecot returns 0 new messages. So I have to keep the real users
> checking first, before virtual users, otherwise it won't work for real
> users.
> 
>   Strange, isn't?

You probably also moved userdb static before userdb passwd, causing
Dovecot to always use userdb static for everyone. So the order you want
is:

1. passdb passwd-file
2. passdb pam
3. userdb passwd
4. userdb static



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] How to bypass checking of system users by virtual users?

2008-10-05 Thread Dâniel Fraga

On Sun, 05 Oct 2008 18:59:10 +0300
Timo Sirainen <[EMAIL PROTECTED]> wrote:

> If you don't set auth_debug=yes (and auth_verbose=yes? I'm not sure),
> you won't see any error messages when real users log in.

Would you believe that when I switch the order of the
real/virtual users authentication configuration, the real users
do not receive email anymore? I mean, the mail is in the mailbox, but
dovecot returns 0 new messages. So I have to keep the real users
checking first, before virtual users, otherwise it won't work for real
users.

Strange, isn't?

### real

   userdb passwd {
   }

   passdb pam {
   }

 virtual

   userdb static {
   args = uid=17 gid=17 home=/var/spool/virtual/%d/.home/%n

mail=mbox:/var/spool/virtual/%d/home/%n:INBOX=/var/spool/virtual/%d/%n
   }

  passdb passwd-file {
   args = username_format=%n /etc/virtual/%d/passwd  
   }

***

The above works, but the opposite, no.

--

Re: [Dovecot] How to bypass checking of system users by virtual users?

2008-10-05 Thread Timo Sirainen

On Sun, 2008-10-05 at 12:52 -0300, Dâniel Fraga wrote:
> On Sun, 05 Oct 2008 14:26:26 +0300
> Timo Sirainen <[EMAIL PROTECTED]> wrote:
> 
> > You can't really tell that to Dovecot, but you could move passdb
> > passwd-file {} before passdb pam {} so it'll first check the virtual
> > users and you'll avoid the PAM messages.
> 
>   Ok, I would see less error messages, since there are more
> virtual users than real ones, but do you agree with me that I would keep
> seeing some error messages when real users try to authenticate? Because
> then, real users would be checked first against virtual passwd,
> giving the error.

If you don't set auth_debug=yes (and auth_verbose=yes? I'm not sure),
you won't see any error messages when real users log in.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] How to bypass checking of system users by virtual users?

2008-10-05 Thread Dâniel Fraga

On Sun, 05 Oct 2008 14:26:26 +0300
Timo Sirainen <[EMAIL PROTECTED]> wrote:

> You can't really tell that to Dovecot, but you could move passdb
> passwd-file {} before passdb pam {} so it'll first check the virtual
> users and you'll avoid the PAM messages.

Ok, I would see less error messages, since there are more
virtual users than real ones, but do you agree with me that I would keep
seeing some error messages when real users try to authenticate? Because
then, real users would be checked first against virtual passwd,
giving the error.

Or not?

Thanks.

--

Re: [Dovecot] How to bypass checking of system users by virtual users?

2008-10-05 Thread Timo Sirainen

On Fri, 2008-10-03 at 03:22 -0300, Dâniel Fraga wrote:
>   This messages happen because dovecot is trying to check virtual
> users in the system password file (which just contains real users and
> not virtual users).
> 
>   So is there a way to force it to check virtual users just on
> the /etc/virtual/%d/passwd? I mean, if the domain is the real one,
> abusar.org, or it doesn't have a domain, it will check in the system
> passwords, but if it's some other domain except abusar.org, it should
> skip checking system passwords and check directly in the
> /etc/virtual/%d/passwd.

You can't really tell that to Dovecot, but you could move passdb
passwd-file {} before passdb pam {} so it'll first check the virtual
users and you'll avoid the PAM messages.



signature.asc
Description: This is a digitally signed message part

[Dovecot] How to bypass checking of system users by virtual users?

2008-10-02 Thread Dâniel Fraga

Hi, I have one real domain (abusar.org) and the others are
virtual. So I configured dovecot.conf as the following:


# for abusar.org, real domain
mail_location = mbox:~/.mail/:INBOX=/var/mail/%n

# for the remaining virtual domains
userdb static {
args = uid=17 gid=17 home=/var/spool/virtual/%d/.home/%n 
mail=mbox:/var/spool/virtual/%d/home/%n:INBOX=/var/spool/virtual/%d/%n
}

passdb passwd-file {
args = username_format=%n /etc/virtual/%d/passwd  
}

***

Everything works perfectly except for the fact that when virtual users 
authenticate, dovecot uses the configuration for 
real users first and then authenticate succesfully with the virtual 
configuration, generating those annoying log error messages:

Oct  3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; 
user unknown
Oct  3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] 
rhost=201.6.150.188 
Oct  3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; 
user unknown
Oct  3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] 
rhost=201.6.150.188 
Oct  3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; 
user unknown
Oct  3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] 
rhost=201.6.150.188 
Oct  3 03:12:00 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; 
user unknown
Oct  3 03:12:00 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] 
rhost=200.204.124.212

This messages happen because dovecot is trying to check virtual
users in the system password file (which just contains real users and
not virtual users).

So is there a way to force it to check virtual users just on
the /etc/virtual/%d/passwd? I mean, if the domain is the real one,
abusar.org, or it doesn't have a domain, it will check in the system
passwords, but if it's some other domain except abusar.org, it should
skip checking system passwords and check directly in the
/etc/virtual/%d/passwd.

I just don't know how to do that.

Any hints? Thank you!

-- 
Linux 2.6.27-rc8: Rotary Wombat
http://u-br.net

http://www.soninha23.can.br

Re: [Dovecot] How to bypass checking of system users by virtual users?

Re: [Dovecot] How to bypass checking of system users by virtual users?

Re: [Dovecot] How to bypass checking of system users by virtual users?

Re: [Dovecot] How to bypass checking of system users by virtual users?

Re: [Dovecot] How to bypass checking of system users by virtual users?

Re: [Dovecot] How to bypass checking of system users by virtual users?

[Dovecot] How to bypass checking of system users by virtual users?

7 matches

Site Navigation

Mail list logo

Footer information