Re: Disabling passdb pam in local.conf
* Timo Sirainen :
> Hmm. If you want to just kludge it, I guess you could do a 00-auth.conf:
>
> passdb {
> driver = whatever you want for your real passdb
> args = etc
> result_failure = return
> result_internalfail = return
> }
>
> So even though pam is still in the config, it's just never actually called.
I played with the idea to set result_failure and result_internalfail to pass
it all through, too. But then things started to get nasty and I took the long
road and began to edit more than local.conf.
But thanks for taking the time to review and rethink this.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
On 22 Jun 2016, at 09:48, Patrick Ben Koetter wrote:
>
> * Patrick Ben Koetter :
>> * Marcus Rueckert :
What am I missing?
>>>
>>> That 10-auth.conf is actually meant to be edited. most distros should
>>> have configuration file handling pretty much figured out by now. so
>>> none of your changes to those files should get lost. also configuration
>>> management comes to mind.
>>
>> As I repeatedly said none of those actions are an option in this project.
>> I think we better stop this thread.
>
> For the books:
>
> It can't be done at the moment. That would require the passdb section to
> become a named section, e.g. like this:
>
> passdb pam {
>driver = pam
> }
>
> Then one would be able to address this particular passdb namespace and do e.g.
> something like this:
>
> passdb pam {
>driver = pam
>enabled = no
> }
Hmm. If you want to just kludge it, I guess you could do a 00-auth.conf:
passdb {
driver = whatever you want for your real passdb
args = etc
result_failure = return
result_internalfail = return
}
So even though pam is still in the config, it's just never actually called.
Re: Disabling passdb pam in local.conf
On 2016-06-21 13:46, Ralf Hildebrandt wrote: * Edgar Pettijohn : > Only /etc/dovecot/local.conf should be changed. > So you want the standard files to remain unchanged from default settings and override them with your settings in local.conf? Exactly (he said that in his initial mail). so we all need to do "dovecot -n >>/tmp/dovecot.conf" or go back to dovecot v1 ? :-) i think local.conf is more and extender conf file for new things not in current config, or more like non standard plugins not in dovecot sources in gentoo i just keep edit default files, and if its changed AFTER install gentoo tells me that its changed, and then show a "diff old new" so i know my faults later ps: is there a hope for dovecot maillist not break dkim ?
Re: Disabling passdb pam in local.conf
Am 2016-06-21 um 13:51 schrieb Ralf Hildebrandt:
* Patrick Ben Koetter :
Greetings,
I'm trying to create a configuration that leaves every config file deployed by
an install process or paket management software untouched. The goal is to put
every configuration required into /etc/dovecot/local.conf.
I've come quite far, but I fail to disable pam as passdb service in
local.conf. What I get if I run doveconf -n is this section:
passdb {
driver = pam
}
What is the actual problem? System accounts shouldn't be able to
log-in? System accounts shouldn't be valid mailboxes?
Use case: virtual accounts in "passdb { driver = passwd-file …"
The initial pam driver will make each logon have to wait for pam to
timeout first which adds a considerable delay in the process
--
peter
Re: Disabling passdb pam in local.conf
* Patrick Ben Koetter :
> * Marcus Rueckert :
> > > What am I missing?
> >
> > That 10-auth.conf is actually meant to be edited. most distros should
> > have configuration file handling pretty much figured out by now. so
> > none of your changes to those files should get lost. also configuration
> > management comes to mind.
>
> As I repeatedly said none of those actions are an option in this project.
> I think we better stop this thread.
For the books:
It can't be done at the moment. That would require the passdb section to
become a named section, e.g. like this:
passdb pam {
driver = pam
}
Then one would be able to address this particular passdb namespace and do e.g.
something like this:
passdb pam {
driver = pam
enabled = no
}
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
* Marcus Rueckert : > > What am I missing? > > That 10-auth.conf is actually meant to be edited. most distros should > have configuration file handling pretty much figured out by now. so > none of your changes to those files should get lost. also configuration > management comes to mind. As I repeatedly said none of those actions are an option in this project. I think we better stop this thread. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
On Mon, 20 Jun 2016 22:03:44 +0200
Patrick Ben Koetter wrote:
> Greetings,
>
> I'm trying to create a configuration that leaves every config file
> deployed by an install process or paket management software
> untouched. The goal is to put every configuration required
> into /etc/dovecot/local.conf.
>
> I've come quite far, but I fail to disable pam as passdb service in
> local.conf. What I get if I run doveconf -n is this section:
>
> passdb {
> driver = pam
> }
>
> It is in there, because 10-auth.conf includes it:
>
> !include auth-system.conf.ext
>
>
> These actions are not an option at the moment:
>
> - modify /etc/dovecot/conf.d/10-auth.conf and comment/remove the
> !include-statement
> - create an /etc/dovecot/dovecot.conf which would contain all options
> required and would not include any other *.conf files
>
> Reading http://wiki2.dovecot.org/ConfigFile I see ways to include
> external files, but nothing to exclude a file in local.conf.
>
> Knowing Timo I would expect there is a way to acchieve what I want. I
> just don't seem to find it.
>
> What am I missing?
That 10-auth.conf is actually meant to be edited. most distros should
have configuration file handling pretty much figured out by now. so
none of your changes to those files should get lost. also configuration
management comes to mind.
darix
--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org
Re: Disabling passdb pam in local.conf
On 16-06-21 07:20:49, Edgar Pettijohn wrote: > > > Sent from my iPhone > > > On Jun 21, 2016, at 6:46 AM, Ralf Hildebrandt wrote: > > > > * Edgar Pettijohn : > > > >>> Only /etc/dovecot/local.conf should be changed. > >> So you want the standard files to remain unchanged from default settings > >> and override them with your settings in local.conf? > > > > Exactly (he said that in his initial mail). > > > Sorry for requesting verification. > > However, to answer the question. I don't think it's possible. There are a lot > of neat config options, but I don't think the exact use case is possible. It > may be easy to implement, im not familiar with dovecots parse_config(). Maybe > store the first occurrence of a setting, but replace it with the last > encountered. > > > -- > > [*] sys4 AG > > > > http://sys4.de, +49 (89) 30 90 46 64 > > Schlei??heimer Stra??e 26/MG, 80333 M??nchen > > > > Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263 > > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > > Aufsichtsratsvorsitzender: Florian Kirstein Sorry didn't send to list. -- Edgar Pettijohn
Re: Disabling passdb pam in local.conf
On 16-06-20 23:28:20, Patrick Ben Koetter wrote: > * Edgar Pettijohn : > > Is your goal to have "1" config file? > > No, that would eliminate the ability to change distro settings via the regular > package management. > > My goal is to add/remove what my service requires via the additional > local.conf. > > p@rick > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Schlei??heimer Stra??e 26/MG,80333 M??nchen > > Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > I'm not sure what you mean by "ability to change distro settings" -- Edgar Pettijohn
Re: Disabling passdb pam in local.conf
On 16-06-20 23:28:20, Patrick Ben Koetter wrote: > * Edgar Pettijohn : > > Is your goal to have "1" config file? > > No, that would eliminate the ability to change distro settings via the regular > package management. > > My goal is to add/remove what my service requires via the additional > local.conf. > > p@rick > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Schlei??heimer Stra??e 26/MG,80333 M??nchen > > Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > What package management do you speak of? I've installed dovecot on several distros and haven't had to use anything other than the typical dovecot config files. -- Edgar Pettijohn
Re: Disabling passdb pam in local.conf
On 16-06-20 23:28:20, Patrick Ben Koetter wrote: > * Edgar Pettijohn : > > Is your goal to have "1" config file? > > No, that would eliminate the ability to change distro settings via the regular > package management. > > My goal is to add/remove what my service requires via the additional > local.conf. > > p@rick > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Schlei??heimer Stra??e 26/MG,80333 M??nchen > > Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > By distro settings do you mean that you want a config that can be easily changed going from say Debian to FreeBSD? What package management do you speak of? -- Edgar Pettijohn
Re: Disabling passdb pam in local.conf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 21 Jun 2016, Ralf Hildebrandt wrote:
I'm trying to create a configuration that leaves every config file deployed by
an install process or paket management software untouched. The goal is to put
every configuration required into /etc/dovecot/local.conf.
I've come quite far, but I fail to disable pam as passdb service in
local.conf. What I get if I run doveconf -n is this section:
passdb {
driver = pam
}
It seems that there is no way of saying something like:
remove passdb
Adding new passdb entries is no problem, but removing existing ones is
hard.
I thought
passwd 1 {
driver = none
}
would do the trick, but you get an error about that this passdb is already
defined.
passdb 0 {
passdb 2 {
is fine, because they do not already exist.
- --
Steffen Kaiser
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQEVAwUBV2k483z1H7kL/d9rAQKAkQgApe4vem0lhSEcsgNK8W0jJjROC/z7N5Ij
sNBdWolbzwP7I1cnNMP6cs7xHwneM7khmRh6PzNScHBoF6YpMkAb7MLWeXKpWLpN
AafN9NOM6wBjr1Stzb4DzuztuKsFE806md96MgrSQKqfNKPNUDwlNpDW8yIRo07E
kOi3CBRzur+ZVkUFXhtgtcejTpoo441WNUMbL9oFRatMv+lPVddLHMuNWINWoz2N
kVtYdzN+hlTUHuI2wlWIs1J0YqiAVXbbsEHT8LExp9d30eMxbNiQDqX9hQlUSmax
2tTKPuiLZ8VRZytQcMfAHX0DmNfDga8/zvWrt9SRaLn5d9Qc4rGdPA==
=5tei
-END PGP SIGNATURE-
Re: Disabling passdb pam in local.conf
Sent from my iPhone > On Jun 21, 2016, at 6:46 AM, Ralf Hildebrandt wrote: > > * Edgar Pettijohn : > >>> Only /etc/dovecot/local.conf should be changed. >> So you want the standard files to remain unchanged from default settings and >> override them with your settings in local.conf? > > Exactly (he said that in his initial mail). > Sorry for requesting verification. However, to answer the question. I don't think it's possible. There are a lot of neat config options, but I don't think the exact use case is possible. It may be easy to implement, im not familiar with dovecots parse_config(). Maybe store the first occurrence of a setting, but replace it with the last encountered. > -- > [*] sys4 AG > > http://sys4.de, +49 (89) 30 90 46 64 > Schleißheimer Straße 26/MG, 80333 München > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
* Patrick Ben Koetter :
> Greetings,
>
> I'm trying to create a configuration that leaves every config file deployed by
> an install process or paket management software untouched. The goal is to put
> every configuration required into /etc/dovecot/local.conf.
>
> I've come quite far, but I fail to disable pam as passdb service in
> local.conf. What I get if I run doveconf -n is this section:
>
> passdb {
> driver = pam
> }
It seems that there is no way of saying something like:
remove passdb
Adding new passdb entries is no problem, but removing existing ones is
hard.
What is the actual problem? System accounts shouldn't be able to
log-in? System accounts shouldn't be valid mailboxes?
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
* Edgar Pettijohn : > > Only /etc/dovecot/local.conf should be changed. > > > So you want the standard files to remain unchanged from default settings and > override them with your settings in local.conf? Exactly (he said that in his initial mail). -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
> On Jun 21, 2016, at 1:26 AM, Patrick Ben Koetter wrote: > > * Edgar Pettijohn : >> What distro settings? > > These files should remain unchanged: > > ~$ tree /etc/dovecot/ > /etc/dovecot/ > ├── conf.d > │ ├── 10-auth.conf > │ ├── 10-director.conf > │ ├── 10-logging.conf > │ ├── 10-mail.conf > │ ├── 10-master.conf > │ ├── 10-ssl.conf > │ ├── 10-tcpwrapper.conf > │ ├── 15-lda.conf > │ ├── 15-mailboxes.conf > │ ├── 20-imap.conf > │ ├── 90-acl.conf > │ ├── 90-plugin.conf > │ ├── 90-quota.conf > │ ├── auth-checkpassword.conf.ext > │ ├── auth-deny.conf.ext > │ ├── auth-master.conf.ext > │ ├── auth-passwdfile.conf.ext > │ ├── auth-sql.conf.ext > │ ├── auth-static.conf.ext > │ ├── auth-system.conf.ext > │ └── auth-vpopmail.conf.ext > ├── dovecot.conf > ├── dovecot-dict-sql.conf.ext > ├── dovecot.pem > ├── dovecot-sql.conf.ext > ├── private > └── README > > Only /etc/dovecot/local.conf should be changed. > So you want the standard files to remain unchanged from default settings and override them with your settings in local.conf? > p@rick > > > > >> >> Sent from my iPhone >> >>> On Jun 20, 2016, at 4:28 PM, Patrick Ben Koetter wrote: >>> >>> * Edgar Pettijohn : Is your goal to have "1" config file? >>> >>> No, that would eliminate the ability to change distro settings via the >>> regular >>> package management. >>> >>> My goal is to add/remove what my service requires via the additional >>> local.conf. >>> >>> p@rick >>> >>> -- >>> [*] sys4 AG >>> >>> https://sys4.de, +49 (89) 30 90 46 64 >>> Schleißheimer Straße 26/MG,80333 München >>> >>> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 >>> Vorstand: Patrick Ben Koetter, Marc Schiffbauer >>> Aufsichtsratsvorsitzender: Florian Kirstein > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Schleißheimer Straße 26/MG,80333 München > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein >
Re: Disabling passdb pam in local.conf
* Edgar Pettijohn : > What distro settings? These files should remain unchanged: ~$ tree /etc/dovecot/ /etc/dovecot/ ├── conf.d │ ├── 10-auth.conf │ ├── 10-director.conf │ ├── 10-logging.conf │ ├── 10-mail.conf │ ├── 10-master.conf │ ├── 10-ssl.conf │ ├── 10-tcpwrapper.conf │ ├── 15-lda.conf │ ├── 15-mailboxes.conf │ ├── 20-imap.conf │ ├── 90-acl.conf │ ├── 90-plugin.conf │ ├── 90-quota.conf │ ├── auth-checkpassword.conf.ext │ ├── auth-deny.conf.ext │ ├── auth-master.conf.ext │ ├── auth-passwdfile.conf.ext │ ├── auth-sql.conf.ext │ ├── auth-static.conf.ext │ ├── auth-system.conf.ext │ └── auth-vpopmail.conf.ext ├── dovecot.conf ├── dovecot-dict-sql.conf.ext ├── dovecot.pem ├── dovecot-sql.conf.ext ├── private └── README Only /etc/dovecot/local.conf should be changed. p@rick > > Sent from my iPhone > > > On Jun 20, 2016, at 4:28 PM, Patrick Ben Koetter wrote: > > > > * Edgar Pettijohn : > >> Is your goal to have "1" config file? > > > > No, that would eliminate the ability to change distro settings via the > > regular > > package management. > > > > My goal is to add/remove what my service requires via the additional > > local.conf. > > > > p@rick > > > > -- > > [*] sys4 AG > > > > https://sys4.de, +49 (89) 30 90 46 64 > > Schleißheimer Straße 26/MG,80333 München > > > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > > Aufsichtsratsvorsitzender: Florian Kirstein > > -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
What distro settings? Sent from my iPhone > On Jun 20, 2016, at 4:28 PM, Patrick Ben Koetter wrote: > > * Edgar Pettijohn : >> Is your goal to have "1" config file? > > No, that would eliminate the ability to change distro settings via the regular > package management. > > My goal is to add/remove what my service requires via the additional > local.conf. > > p@rick > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Schleißheimer Straße 26/MG,80333 München > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein >
Re: Disabling passdb pam in local.conf
* Edgar Pettijohn : > Is your goal to have "1" config file? No, that would eliminate the ability to change distro settings via the regular package management. My goal is to add/remove what my service requires via the additional local.conf. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Disabling passdb pam in local.conf
Sent from my iPhone
> On Jun 20, 2016, at 3:03 PM, Patrick Ben Koetter wrote:
>
> Greetings,
>
> I'm trying to create a configuration that leaves every config file deployed by
> an install process or paket management software untouched. The goal is to put
> every configuration required into /etc/dovecot/local.conf.
>
> I've come quite far, but I fail to disable pam as passdb service in
> local.conf. What I get if I run doveconf -n is this section:
>
> passdb {
> driver = pam
> }
>
> It is in there, because 10-auth.conf includes it:
>
> !include auth-system.conf.ext
>
>
> These actions are not an option at the moment:
>
> - modify /etc/dovecot/conf.d/10-auth.conf and comment/remove the
> !include-statement
> - create an /etc/dovecot/dovecot.conf which would contain all options required
> and would not include any other *.conf files
>
> Reading http://wiki2.dovecot.org/ConfigFile I see ways to include external
> files, but nothing to exclude a file in local.conf.
>
> Knowing Timo I would expect there is a way to acchieve what I want. I just
> don't seem to find it.
>
> What am I missing?
>
> Regards,
>
> p@rick
>
> --
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein
>
Is your goal to have "1" config file?
If so get your system working how you want it then:
doveconf -n > /etc/dovecot/config.test
Start dovecot with this file.
Disabling passdb pam in local.conf
Greetings,
I'm trying to create a configuration that leaves every config file deployed by
an install process or paket management software untouched. The goal is to put
every configuration required into /etc/dovecot/local.conf.
I've come quite far, but I fail to disable pam as passdb service in
local.conf. What I get if I run doveconf -n is this section:
passdb {
driver = pam
}
It is in there, because 10-auth.conf includes it:
!include auth-system.conf.ext
These actions are not an option at the moment:
- modify /etc/dovecot/conf.d/10-auth.conf and comment/remove the
!include-statement
- create an /etc/dovecot/dovecot.conf which would contain all options required
and would not include any other *.conf files
Reading http://wiki2.dovecot.org/ConfigFile I see ways to include external
files, but nothing to exclude a file in local.conf.
Knowing Timo I would expect there is a way to acchieve what I want. I just
don't seem to find it.
What am I missing?
Regards,
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
