Re: BSD authentication username rewrite

2008-05-12 Thread Jakob Schlyter 

On 12 maj 2008, at 12.08, LIVAI Daniel wrote:


Could this be a help for you?

http://wiki.dovecot.org/Authentication/Kerberos


thanks, but that i GSSAPI-authentication - i.e. not password
authentication against a kerberos realm.

jakob

Re: BSD authentication username rewrite

2008-05-12 Thread LÉVAI Dániel 
On Monday 12 May 2008 12.01.29 you wrote:
> On 12 maj 2008, at 11.43, LIVAI Daniel wrote:
> > Just simply out of curiosity; why don't you use dovecot with
> > virtual users in plain text passwd-file style, or even sql/ldap?
>
> 'cause the users are provisioned using kerberos.
>
>   jakob

Could this be a help for you?

http://wiki.dovecot.org/Authentication/Kerberos

Daniel

-- 
LEVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1

Re: BSD authentication username rewrite

2008-05-12 Thread Jakob Schlyter 

On 12 maj 2008, at 11.43, LIVAI Daniel wrote:


Just simply out of curiosity; why don't you use dovecot with virtual
users in plain text passwd-file style, or even sql/ldap?


'cause the users are provisioned using kerberos.

jakob

Re: BSD authentication username rewrite

2008-05-12 Thread LÉVAI Dániel 
On Monday 12 May 2008 10.09.19 you wrote:
> hi,
>
> I have an imap server (dovecot) that can auhenticate using BSD
> authentication. however, when imap server requests authenitcation for
> user xyzzy, I'd like the bsd authentication layer to authenticate
> user 'xyzzy/mail' (which has a separate password in kerberos). I can
> see multiple solutions to this:
>
> 1) have dovecot rewrite the username before sending it to bsdauth
>
> 2) have bsdauth add /main to the username before authentication. this
> might be more generic and will make it easier for other apps to use
> separate password for some apps (using an option to login.conf).
>
>
> comments and/or ideas?

Just simply out of curiosity; why don't you use dovecot with virtual 
users in plain text passwd-file style, or even sql/ldap?

Daniel


-- 
LEVAI Daniel
GPG key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1

BSD authentication username rewrite

2008-05-12 Thread Jakob Schlyter 

hi,

I have an imap server (dovecot) that can auhenticate using BSD  
authentication. however, when imap server requests authenitcation for  
user xyzzy, I'd like the bsd authentication layer to authenticate user  
'xyzzy/mail' (which has a separate password in kerberos). I can see  
multiple solutions to this:


1) have dovecot rewrite the username before sending it to bsdauth

2) have bsdauth add /main to the username before authentication. this  
might be more generic and will make it easier for other apps to use  
separate password for some apps (using an option to login.conf).



comments and/or ideas?

jakob