Hi Kirill,
Thanks for your reply. Such a simple flat file approach would be
perfect, and I don't mind at all to require app specific usernames *and*
passwords.
However, I am unsure how to combine your recipe below with our regular
AD userdb/passdb.
Perhaps someone can give me some pointers in that direction?
MJ
On 07/20/2017 06:50 PM, Kirill Miazine wrote:
I'm not familiar with samba AD and with its features and limitations.
For my simple system I'm using plain files for passdb and userdb (aka.
passwd-file). Application (or rather device) specific passwords are
implemented by having an additional "username" with a specific
password for a particular application or device. E.g. some entries for
myself:
bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
The files are generated automatically from a Single Source of Truth.
In my case I'm selecting the username myself, but there's nothing
preventing you from generating a username/password combination for your
users.
Note that in my setup users will have application specific username and
password, not only application specific password. It was easier to
implement it quickly this way.
Greetz
Kirill
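
Added example (not part of the original messages, and not Kirill's own generator): a sketch of producing passwd-file entries like the ones above from a single source of truth, with one login per device and a separate random password for each. The account data is constructed, and the choice of the {SSHA512} scheme, the field whitelist and the function names are assumptions.

```python
import base64
import hashlib
import re
import secrets

# Constructed sample data standing in for the "Single Source of Truth".
ACCOUNTS = [
    {"uid": 10001, "gid": 10001, "home": "/krot/mail/km",
     "devices": ["kmozilla", "sailpad", "workphone"]},
]
EXTRA = "userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M"
# Assumed whitelist: rejects ':', whitespace and newlines, which would
# otherwise let a crafted name inject extra fields or whole entries.
SAFE = re.compile(r"[A-Za-z0-9._/-]+")


def ssha512(password, salt=None):
    """Dovecot {SSHA512} layout: base64(sha512(password + salt) + salt)."""
    salt = secrets.token_bytes(8) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()


def verify(stored, password):
    """Recompute the hash with the salt stored after the 64-byte digest."""
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    expected = hashlib.sha512(password.encode() + raw[64:]).digest()
    return secrets.compare_digest(raw[:64], expected)


def build(accounts):
    """Return (passwd-file lines, {login: cleartext}); fresh secrets per call."""
    lines, issued = [], {}
    for acct in accounts:
        for login in acct["devices"]:
            if not (SAFE.fullmatch(login) and SAFE.fullmatch(acct["home"])):
                raise ValueError(f"unsafe field for {login!r}")
            if login in issued:
                raise ValueError(f"duplicate login {login!r}")
            issued[login] = secrets.token_urlsafe(24)
            lines.append(f"{login}:{ssha512(issued[login])}:{acct['uid']}:"
                         f"{acct['gid']}::{acct['home']}::{EXTRA}")
    return lines, issued


if __name__ == "__main__":
    print("\n".join(build(ACCOUNTS)[0]))
```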