Re: Different realm for different listeners?

2015-03-13 Thread Chris Adams
Once upon a time, Chris Adams c...@cmadams.net said:
> All my users are in MySQL.  Reading the docs, I see that %l expands to
> the local IP address almost everywhere.  If that's available in the
> userdb SQL expansion, I could write a (somewhat convoluted) SQL
> statement that adds a domain based on the local IP.  Does that sound
> like it'll work?  Not quite as elegant as just setting
> auth_default_realm in separate listeners, but should work I guess.

Just a follow-up for the archives: this worked.  This is my
MySQL password_query:

password_query = \
SELECT username AS user, password, \
concat('/srv/mail/',maildir) AS userdb_home, 1000 AS userdb_uid, \
1000 AS userdb_gid \
FROM mailbox WHERE active = 1 AND username = case \
  when '%d' <> '' then '%u' \
  when '%l' = '10.0.9.73' then '%u...@domain1.com' \
  when '%l' = '10.0.9.74' then '%u...@domain2.net' \
  else '%u' end

-- 
Chris Adams c...@cmadams.net
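
The per-listener lookup described in this follow-up, next to the username-part-only lookup suggested elsewhere in the thread, as an added example that is not part of the original post or of Dovecot. It runs the same CASE shape against an in-memory SQLite table with bound parameters; the table rows and the realm names `isp-a.example` / `isp-b.example` are constructed placeholders, and only the two IP addresses come from the post.

```python
import sqlite3

# Constructed sample rows: two ISPs that both want a "sales" mailbox.
ROWS = [("sales@isp-a.example", "{PLAIN}a-secret", 1),
        ("sales@isp-b.example", "{PLAIN}b-secret", 1),
        ("old@isp-a.example", "{PLAIN}x", 0)]
# Local (listener) IP -> realm for bare logins. IPs are the ones in the
# post; the realm names are placeholders (assumption).
REALMS = {"10.0.9.73": "isp-a.example", "10.0.9.74": "isp-b.example"}

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (username TEXT, password TEXT, active INT)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?, ?)", ROWS)
    return db

def lookup_by_listener(db, login, local_ip):
    """Same CASE shape as the post: a realm typed by the client is kept,
    a bare login gets the realm of the IP it connected to, else no change."""
    domain = login.partition("@")[2]          # plays the role of %d
    whens, args = "", [domain, login]
    for ip, realm in REALMS.items():          # one WHEN branch per listener
        whens += " WHEN ? = ? THEN ? || '@' || ?"
        args += [local_ip, ip, login, realm]
    sql = ("SELECT username FROM mailbox WHERE active = 1 AND username = "
           "CASE WHEN ? <> '' THEN ?" + whens + " ELSE ? END")
    return [row[0] for row in db.execute(sql, args + [login])]

def lookup_by_local_part(db, login):
    """The alternative raised in the thread: match the username part only."""
    local = login.partition("@")[0]           # plays the role of %n
    sql = ("SELECT username FROM mailbox WHERE active = 1 AND "
           "substr(username, 1, instr(username, '@') - 1) = ? ORDER BY username")
    return [row[0] for row in db.execute(sql, (local,))]

if __name__ == "__main__":
    db = open_db()
    for login, ip in [("sales", "10.0.9.73"), ("sales", "10.0.9.74"),
                      ("sales@isp-b.example", "10.0.9.73"), ("sales", "10.0.9.99")]:
        print(login, ip, lookup_by_listener(db, login, ip))
    print("local part only:", lookup_by_local_part(db, "sales"))
```

A login that already carries a realm matches on any listener, so the local IP only selects a default realm and does not confine a domain's users to their own address. The username-part-only lookup returns two rows for `sales`, which is the conflict raised in the thread.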


Re: Different realm for different listeners?

2015-03-12 Thread Tom Hendrikx

On 10-03-15 18:20, Chris Adams wrote:
> I see this has been asked a few times over the years (but not in
> several years), and the response was along the lines of maybe
> someday, so I figured I'd see if someday was here yet...
>
> I have a need to have a different default realm for different
> listeners. Basically, I've a bunch of different domains, and a few
> of them insist their users not be required to authenticate with
> user@domain and just use user, and I'm trying to make this work
> without separate daemons and/or VMs.
>
> I'll be using Dovecot 2.2 (most likely 2.2.10 as provided by
> RHEL/CentOS 7).
>
> Thanks.  If there's not a way to do this directly in Dovecot, does
> anybody have any suggestion that doesn't require several different
> VMs?

You could drop the default realm completely, and create a second
passdb lookup which uses only the username part to lookup credentials.
This means that, as long as you have no conflicts as usernames
'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
'john'.

When you're able to use the password in your sql WHERE statement [1]
too, you could even work around that, because you'd only have
mismatches when 'j...@foo.com' and 'j...@bar.com' have the same
passphrase.

[1]
http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server

Tom


Re: Different realm for different listeners?

2015-03-12 Thread Mihai Badici
On Tuesday 10 March 2015 18:38:40 Tom Hendrikx wrote:
> On 10-03-15 18:20, Chris Adams wrote:
> > I see this has been asked a few times over the years (but not in
> > several years), and the response was along the lines of maybe
> > someday, so I figured I'd see if someday was here yet...
> >
> > I have a need to have a different default realm for different
> > listeners. Basically, I've a bunch of different domains, and a few
> > of them insist their users not be required to authenticate with
> > user@domain and just use user, and I'm trying to make this work
> > without separate daemons and/or VMs.
> >
> > I'll be using Dovecot 2.2 (most likely 2.2.10 as provided by
> > RHEL/CentOS 7).
> >
> > Thanks.  If there's not a way to do this directly in Dovecot, does
> > anybody have any suggestion that doesn't require several different
> > VMs?
>
> You could drop the default realm completely, and create a second
> passdb lookup which uses only the username part to lookup credentials.
> This means that, as long as you have no conflicts as usernames
> 'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
> 'john'.


Well, I think conflict is the keyword here.
Everybody wants an e-mail address called contact or office :)


>
> When you're able to use the password in your sql WHERE statement [1]
> too, you could even work around that, because you'd only have
> mismatches when 'j...@foo.com' and 'j...@bar.com' have the same
> passphrase.
>
> [1]
> http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server
>
> Tom
-- 
Mihai Bădici
http://mihai.badici.ro


Re: Different realm for different listeners?

2015-03-12 Thread Chris Adams
Once upon a time, Tom Hendrikx t...@whyscream.net said:
> You could drop the default realm completely, and create a second
> passdb lookup which uses only the username part to lookup credentials.
> This means that, as long as you have no conflicts as usernames
> 'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
> 'john'.

The domains I need to handle are separate telephone company ISPs, so
they all want common things like sales, so that won't work.

All my users are in MySQL.  Reading the docs, I see that %l expands to
the local IP address almost everywhere.  If that's available in the
userdb SQL expansion, I could write a (somewhat convoluted) SQL
statement that adds a domain based on the local IP.  Does that sound
like it'll work?  Not quite as elegant as just setting
auth_default_realm in separate listeners, but should work I guess.

-- 
Chris Adams c...@cmadams.net