On 6.1.2012, at 19.45, Yubao Liu wrote: > On 01/07/2012 12:44 AM, Timo Sirainen wrote: >> On Sat, 2012-01-07 at 00:15 +0800, Yubao Liu wrote: >> >>> I don't know why this function doesn't check auth->masterdbs, if I >>> insert these lines after line 128, that error goes away, and dovecot's >>> imap-login process happily does DIGEST-MD5 authentication [1]. >>> In my configuration, "masterdbs" contains "passdb passwd-file", >>> "passdbs" contains " passdb pam". >> So .. you want DIGEST-MD5 authentication for the master users, but not >> for anyone else? I hadn't really thought anyone would want that.. >> > Is there any special reason that master passdb isn't taken into > account in src/auth/auth.c:auth_passdb_list_have_lookup_credentials() ? > I feel master passdb is also a kind of passdb.
I guess it could be changed. It wasn't done intentionally that way. > This is exactly my use case, I use Kerberos for system users, > I'm curious why master passdb isn't used to check "have_lookup_credentials" > ability > http://wiki2.dovecot.org/Authentication/MultipleDatabases > > Currently the fallback works only with the PLAIN authentication mechanism. > > I hope this limitation can be relaxed. It might already be .. I don't remember. In any case you have only PAM passdb, so it shouldn't matter. GSSAPI isn't a passdb.
