On Fri, 2008-10-17 at 19:04 +0200, Sascha Wilde wrote:
> The back end needs a special checkpassword program which follows the
> qmail semantics but additionally provides the user data without password
> verification when the environment variable AUTHORIZED is set.[1]
>
> I have done some code cleanup (mainly factoring out common code of the
> passdb and userdb back ends) and you can find the current version,
> alongside with our acl-plugin enhancements, here:
>
> http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/
>
> Timo, what would be needed to get the new back end upstream?

Some small things:

- rename checkpassword-common.c to db-checkpassword.c so it's consistent
  with others.

- userdb checkpassword is a new dovecot-specific extension, so you can
  drop all vpopmail etc. exit code handlers. Just 3 needed: success, user
  doesn't exist and internal error (also being the default).

- a valid userdb checkpassword script shouldn't be a valid passdb
  checkpassword script to avoid accidents. I guess this could be done by

  1) Require userdb scripts to set USERDB environment.
  2) checkpassword-reply checks if USERDB environment is set. If it is,
     return exit code 2 instead of 0.
  3) userdb-checkpassword.c's success exit code is 2. exit code 0 would
     produce failure.

Hmm. Or perhaps instead of USERDB change the AUTHORIZED environment's
value to something else.
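
The three-step USERDB proposal in the reply above, modelled as an added example (not part of the original message and not Dovecot code). Shell functions stand in for the separate programs, and every function name is hypothetical; the point is that a script of one kind is rejected when it is configured as the other kind.

```shell
#!/bin/sh
# Added illustration, not Dovecot code. Shell functions stand in for the
# separate programs; all function names here are hypothetical.

# Step 2: the reply step exits 2 instead of 0 when USERDB is set.
checkpassword_reply() {
    if [ -n "${USERDB+set}" ]; then
        return 2
    fi
    return 0
}

# Step 1: a userdb script sets USERDB before handing over to the reply step.
userdb_script() (
    USERDB=1
    export USERDB
    checkpassword_reply
)

# A passdb script (password already verified) never sets USERDB.
passdb_script() (
    unset USERDB
    checkpassword_reply
)

# passdb caller: qmail checkpassword semantics, only exit code 0 is success.
passdb_accepts() {
    if "$1"; then rc=0; else rc=$?; fi
    [ "$rc" -eq 0 ] && echo yes || echo no
}

# Step 3: the userdb caller treats 2 as success; 0 and anything else fail.
# (The message does not assign a number to "user doesn't exist".)
userdb_accepts() {
    if "$1"; then rc=0; else rc=$?; fi
    [ "$rc" -eq 2 ] && echo yes || echo no
}

echo "passdb script as passdb: $(passdb_accepts passdb_script)"
echo "userdb script as userdb: $(userdb_accepts userdb_script)"
echo "userdb script as passdb: $(passdb_accepts userdb_script)"
echo "passdb script as userdb: $(userdb_accepts passdb_script)"
```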