I am using Active directory authentication via gssapi for most users.  In 
dovecot.conf I have:

auth_mechanisms = plain login gssapi
auth_use_winbind = yes

I also have

passdb { driver = shadow }
userdb { driver = passwd }

for those few users who are NOT AD users.

Even though the AD users do not exist in /etc/passwd or /etc/shadow, Dovecot 
ALWAYS first looks
them up in shadow, which ALWAYS fails. 

The https://wiki2.dovecot.org/PasswordDatabase wiki says, "these databases 
can't be used with
non-plaintext authentication mechanisms."

Is there a way to bypass checking passdb (and userdb?) for these mechanism?


Reply via email to