On 05.12.2017 08:05, Mark Foley wrote: > I am using Active directory authentication via gssapi for most users. In > dovecot.conf I have: > > auth_mechanisms = plain login gssapi > auth_use_winbind = yes > > I also have > > passdb { driver = shadow } > userdb { driver = passwd } > > for those few users who are NOT AD users. > > Even though the AD users do not exist in /etc/passwd or /etc/shadow, Dovecot > ALWAYS first looks > them up in shadow, which ALWAYS fails. > > The https://wiki2.dovecot.org/PasswordDatabase wiki says, "these databases > can't be used with > non-plaintext authentication mechanisms." > > Is there a way to bypass checking passdb (and userdb?) for these mechanism? > > --Mark
You can try: passdb { ... skip = authenticated } In very recent dovecot version you could use mechanism_filter too, but I guess skip=authenticated should work. Aki