Re: table-passwd
> On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
>
> September 17, 2019 11:41 PM, "Edgar Pettijohn"
> wrote:
>
>> On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
>>
>>> Hello,
>>>
>>> Is there anyone using table-passwd for _any_ other purposes than sharing
>>> with Dovecot ?
>>>
>>> I have built a fully virtual setup which shares credentials with Dovecot
>>> and since I managed to do it _without_ table-passwd I'm wondering if the
>>> table backend is really useful and if it was not created because someone
>>> had overlooked the first few lines of the Dovecot documentation stating:
>>>
>>> "For a password database, it's enough to have only the user and password
>>> fields."
>>>
>>
>> Not actually using it, but for dovecot to use it as a userdb as well as a
>> passdb it needs the
>> additional fields.
>>
>
> ok so I'm misunderstanding the use-case, let me explain why I'm curious:
>
> I wrote table-passwd because I was told that if you wanted to create a
> virtual setup,
> backed by one single user, you needed to have a passwd(5)-format file for
> Dovecot and
> share that with OpenSMTPD.
>
> But then I did a fully virtual setup for myself and I didn't use
> table-passwd, so the
> rationale behind it falls a bit apart for me, unless there's other use-cases.
>
> On my setup, file /etc/mail/accounts is a simple two columns
> username/password table:
>
> # head -1 /etc/mail/accounts.txt
> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
> #
>
[...]
>
> This allows both OpenSMTPD and Dovecot to authenticate accounts that are not
> system
> users, allows OpenSMTPD to drop mail to a maildir owned by system account in
> charge
> of virtual accounts and allows Dovecot to properly serve these accounts.
>
> Am I missing your use-cases here ?
>

Yes, this is perfectly fine for simpler cases, but as someone else
mentioned in this thread earlier already:
Dovecot passdb knows about additional fields, in particular
to specify user specific quotas (usually rather important in
virtual user setups). table-passwd can handle/ignore these
extra_fields correctly. So my passwd file lines look like this:
f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G
Re: table-passwd
> On 23. Sep 2019, at 19:09, Edgar Pettijohn wrote:
>
> On Sep 23, 2019 11:58 AM, Joerg Jung wrote:
>>
>>> On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
>>>
>>> September 17, 2019 11:41 PM, "Edgar Pettijohn"
>>> wrote:
>>>
>>>> On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Is there anyone using table-passwd for _any_ other purposes than sharing
>>>>> with Dovecot ?
>>>>>
>>>>> I have built a fully virtual setup which shares credentials with Dovecot
>>>>> and since I managed to do it _without_ table-passwd I'm wondering if the
>>>>> table backend is really useful and if it was not created because someone
>>>>> had overlooked the first few lines of the Dovecot documentation stating:
>>>>>
>>>>> "For a password database, it's enough to have only the user and password
>>>>> fields."
>>>>>
>>>>
>>>> Not actually using it, but for dovecot to use it as a userdb as well as a
>>>> passdb it needs the
>>>> additional fields.
>>>>
>>>
>>> ok so I'm misunderstanding the use-case, let me explain why I'm curious:
>>>
>>> I wrote table-passwd because I was told that if you wanted to create a
>>> virtual setup,
>>> backed by one single user, you needed to have a passwd(5)-format file for
>>> Dovecot and
>>> share that with OpenSMTPD.
>>>
>>> But then I did a fully virtual setup for myself and I didn't use
>>> table-passwd, so the
>>> rationale behind it falls a bit apart for me, unless there's other
>>> use-cases.
>>>
>>> On my setup, file /etc/mail/accounts is a simple two columns
>>> username/password table:
>>>
>>> # head -1 /etc/mail/accounts.txt
>>> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
>>> #
>>>
>> [...]
>>>
>>> This allows both OpenSMTPD and Dovecot to authenticate accounts that are
>>> not system
>>> users, allows OpenSMTPD to drop mail to a maildir owned by system account
>>> in charge
>>> of virtual accounts and allows Dovecot to properly serve these accounts.
>>>
>>> Am I missing your use-cases here ?
>>>
>>
>> Yes, this is perfectly fine for simpler cases, but as someone else
>> mentioned in this thread earlier already:
>> Dovecot passdb knows about additional fields, in particular
>> to specify user specific quotas (usually rather important in
>> virtual user setups). table-passwd can handle/ignore these
>> extra_fields correctly. So my passwd file lines look like this:
>> f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G
>>
>
> I'm guessing you are looking for fat to trim. Personally I like it as is.
> Just my two cents.
>

Maybe just teach smtpd to ignore everything in credentials table(5) after
the second column could do the trick and would make table-passwd
completely obsolete.
Re: table-passwd
> On 23. Sep 2019, at 18:58, Joerg Jung wrote:
>
>> On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
>>
>> September 17, 2019 11:41 PM, "Edgar Pettijohn"
>> wrote:
>>
>>> On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
>>>
>>>> Hello,
>>>>
>>>> Is there anyone using table-passwd for _any_ other purposes than sharing
>>>> with Dovecot ?
>>>>
>>>> I have built a fully virtual setup which shares credentials with Dovecot
>>>> and since I managed to do it _without_ table-passwd I'm wondering if the
>>>> table backend is really useful and if it was not created because someone
>>>> had overlooked the first few lines of the Dovecot documentation stating:
>>>>
>>>> "For a password database, it's enough to have only the user and password
>>>> fields."
>>>>
>>>
>>> Not actually using it, but for dovecot to use it as a userdb as well as a
>>> passdb it needs the
>>> additional fields.
>>>
>>
>> ok so I'm misunderstanding the use-case, let me explain why I'm curious:
>>
>> I wrote table-passwd because I was told that if you wanted to create a
>> virtual setup,
>> backed by one single user, you needed to have a passwd(5)-format file for
>> Dovecot and
>> share that with OpenSMTPD.
>>
>> But then I did a fully virtual setup for myself and I didn't use
>> table-passwd, so the
>> rationale behind it falls a bit apart for me, unless there's other use-cases.
>>
>> On my setup, file /etc/mail/accounts is a simple two columns
>> username/password table:
>>
>> # head -1 /etc/mail/accounts.txt
>> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
>> #
>>
> [...]
>>
>> This allows both OpenSMTPD and Dovecot to authenticate accounts that are not
>> system
>> users, allows OpenSMTPD to drop mail to a maildir owned by system account in
>> charge
>> of virtual accounts and allows Dovecot to properly serve these accounts.
>>
>> Am I missing your use-cases here ?
>>
>
> Yes, this is perfectly fine for simpler cases, but as someone else
> mentioned in this thread earlier already:
> Dovecot passdb knows about additional fields, in particular
> to specify user specific quotas (usually rather important in
> virtual user setups). table-passwd can handle/ignore these
> extra_fields correctly. So my passwd file lines look like this:
> f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G

Just for reference, these "extra_fields" seem documented nowadays here:
https://doc.dovecot.org/configuration_manual/authentication/user_database_extra_fields/
https://doc.dovecot.org/configuration_manual/authentication/password_database_extra_fields/
Re: table-passwd
On Sep 23, 2019 11:58 AM, Joerg Jung wrote:
>
> > On 18. Sep 2019, at 09:38, gil...@poolp.org wrote:
> >
> > September 17, 2019 11:41 PM, "Edgar Pettijohn"
> > wrote:
> >
> >> On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
> >>
> >>> Hello,
> >>>
> >>> Is there anyone using table-passwd for _any_ other purposes than sharing
> >>> with Dovecot ?
> >>>
> >>> I have built a fully virtual setup which shares credentials with Dovecot
> >>> and since I managed to do it _without_ table-passwd I'm wondering if the
> >>> table backend is really useful and if it was not created because someone
> >>> had overlooked the first few lines of the Dovecot documentation stating:
> >>>
> >>> "For a password database, it's enough to have only the user and password
> >>> fields."
> >>>
> >>
> >> Not actually using it, but for dovecot to use it as a userdb as well as a
> >> passdb it needs the
> >> additional fields.
> >>
> >
> > ok so I'm misunderstanding the use-case, let me explain why I'm curious:
> >
> > I wrote table-passwd because I was told that if you wanted to create a
> > virtual setup,
> > backed by one single user, you needed to have a passwd(5)-format file for
> > Dovecot and
> > share that with OpenSMTPD.
> >
> > But then I did a fully virtual setup for myself and I didn't use
> > table-passwd, so the
> > rationale behind it falls a bit apart for me, unless there's other
> > use-cases.
> >
> > On my setup, file /etc/mail/accounts is a simple two columns
> > username/password table:
> >
> > # head -1 /etc/mail/accounts.txt
> > gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
> > #
> >
> [...]
> >
> > This allows both OpenSMTPD and Dovecot to authenticate accounts that are
> > not system
> > users, allows OpenSMTPD to drop mail to a maildir owned by system account
> > in charge
> > of virtual accounts and allows Dovecot to properly serve these accounts.
> >
> > Am I missing your use-cases here ?
> >
>
> Yes, this is perfectly fine for simpler cases, but as someone else
> mentioned in this thread earlier already:
> Dovecot passdb knows about additional fields, in particular
> to specify user specific quotas (usually rather important in
> virtual user setups). table-passwd can handle/ignore these
> extra_fields correctly. So my passwd file lines look like this:
> f...@bar.de:$2b$::userdb_quota_rule=*:storage=10G
>

I'm guessing you are looking for fat to trim. Personally I like it as is.
Just my two cents.

Edgar
Re: table-passwd
Hi Gilles,

I must have misunderstood what table-passwd is as my config is almost the
same as yours except filenames and that mine specifies a different
encryption scheme for the smtpd password file.

passdb {
  args = scheme=blf-crypt /etc/mail/passwd
  driver = passwd-file
}

userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n
  driver = static
}

Apologies for the noise.

Nick

On 18/09/2019 08:38, gil...@poolp.org wrote:
> September 17, 2019 11:41 PM, "Edgar Pettijohn" wrote:
>
>> On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
>>
>>> Hello,
>>>
>>> Is there anyone using table-passwd for _any_ other purposes than sharing
>>> with Dovecot ?
>>>
>>> I have built a fully virtual setup which shares credentials with Dovecot
>>> and since I managed to do it _without_ table-passwd I'm wondering if the
>>> table backend is really useful and if it was not created because someone
>>> had overlooked the first few lines of the Dovecot documentation stating:
>>>
>>> "For a password database, it's enough to have only the user and password
>>> fields."
>>
>> Not actually using it, but for dovecot to use it as a userdb as well as a passdb it needs the
>> additional fields.
>
> ok so I'm misunderstanding the use-case, let me explain why I'm curious:
>
> I wrote table-passwd because I was told that if you wanted to create a virtual setup,
> backed by one single user, you needed to have a passwd(5)-format file for Dovecot and
> share that with OpenSMTPD.
>
> But then I did a fully virtual setup for myself and I didn't use table-passwd, so the
> rationale behind it falls a bit apart for me, unless there's other use-cases.
>
> On my setup, file /etc/mail/accounts is a simple two columns username/password table:
>
> # head -1 /etc/mail/accounts.txt
> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
> #
>
> I have the following OpenSMTPD config (three relevant lines):
>
> table accounts "/etc/mail/accounts"
> listen on egress port submission [...] auth
> action "deliver_local" maildir junk user _vusers
>
> And I have the following Dovecot config:
>
> # cat /etc/dovecot/conf.d/auth-mailbrix.conf.ext
> passdb {
>   driver = passwd-file
>   args = scheme=CRYPT /etc/mail/accounts
> }
>
> userdb {
>   driver = static
>   args = uid=_vusers gid=_vusers home=/var/maildir/%d/%u
> }
> # grep auth-mailbrix.conf.ext
> 10-auth.conf:!include auth-mailbrixconf.ext
>
> This allows both OpenSMTPD and Dovecot to authenticate accounts that are not system
> users, allows OpenSMTPD to drop mail to a maildir owned by system account in charge
> of virtual accounts and allows Dovecot to properly serve these accounts.
>
> Am I missing your use-cases here ?
Re: table-passwd
September 18, 2019 9:38 AM, gil...@poolp.org wrote:

> On my setup, file /etc/mail/accounts is a simple two columns
> username/password table:
>
> # head -1 /etc/mail/accounts.txt
> gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
> #

obviously I replaced my real password with `encrypt test` ;-)
Re: table-passwd
September 17, 2019 11:41 PM, "Edgar Pettijohn" wrote:

> On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
>
>> Hello,
>>
>> Is there anyone using table-passwd for _any_ other purposes than sharing
>> with Dovecot ?
>>
>> I have built a fully virtual setup which shares credentials with Dovecot
>> and since I managed to do it _without_ table-passwd I'm wondering if the
>> table backend is really useful and if it was not created because someone
>> had overlooked the first few lines of the Dovecot documentation stating:
>>
>> "For a password database, it's enough to have only the user and password
>> fields."
>>
>
> Not actually using it, but for dovecot to use it as a userdb as well as a
> passdb it needs the
> additional fields.
>

ok so I'm misunderstanding the use-case, let me explain why I'm curious:

I wrote table-passwd because I was told that if you wanted to create a virtual setup,
backed by one single user, you needed to have a passwd(5)-format file for Dovecot and
share that with OpenSMTPD.

But then I did a fully virtual setup for myself and I didn't use table-passwd, so the
rationale behind it falls a bit apart for me, unless there's other use-cases.

On my setup, file /etc/mail/accounts is a simple two columns username/password table:

# head -1 /etc/mail/accounts.txt
gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6
#

I have the following OpenSMTPD config (three relevant lines):

table accounts "/etc/mail/accounts"
listen on egress port submission [...] auth
action "deliver_local" maildir junk user _vusers

And I have the following Dovecot config:

# cat /etc/dovecot/conf.d/auth-mailbrix.conf.ext
passdb {
  driver = passwd-file
  args = scheme=CRYPT /etc/mail/accounts
}

userdb {
  driver = static
  args = uid=_vusers gid=_vusers home=/var/maildir/%d/%u
}
# grep auth-mailbrix.conf.ext
10-auth.conf:!include auth-mailbrix.conf.ext

This allows both OpenSMTPD and Dovecot to authenticate accounts that are not system
users, allows OpenSMTPD to drop mail to a maildir owned by system account in charge
of virtual accounts and allows Dovecot to properly serve these accounts.

Am I missing your use-cases here ?
Re: table-passwd
On Sep 17, 2019 9:05 AM, Gilles Chehade wrote:
>
> Hello,
>
> Is there anyone using table-passwd for _any_ other purposes than sharing
> with Dovecot ?
>
> I have built a fully virtual setup which shares credentials with Dovecot
> and since I managed to do it _without_ table-passwd I'm wondering if the
> table backend is really useful and if it was not created because someone
> had overlooked the first few lines of the Dovecot documentation stating:
>
> "For a password database, it's enough to have only the user and password
> fields."
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org patreon: https://www.patreon.com/gilles
>

Not actually using it, but for dovecot to use it as a userdb as well as a passdb it needs the
additional fields.

Edgar
Re: table-passwd
> Hello,
>
> Is there anyone using table-passwd for _any_ other purposes than sharing
> with Dovecot ?

Unless I'm misunderstanding the question, I use it all the time. If an
appliance or server needs to be able to send or relay e-mail it gets an
entry in the table-passwd, with an individual username and password combo.
No need for Dovecot access under that user, no need for a system user.

> I have built a fully virtual setup which shares credentials with Dovecot
> and since I managed to do it _without_ table-passwd I'm wondering if the
> table backend is really useful

My MXs are using individual credentials in order to relay incoming mails to
the mailbox system. These credentials can't be abused to access a mailbox
though. Same is true the other way around. (Mailbox server to "smarthost".)

Without the table one would need to create system users?
Re: table-passwd
I'm using it for a table authentication for accepting client smtp relaying
as well as the dovecot authentication.

listen on egress port submission tls-require pki mail.red-five.net auth tag "Authenticated"

Is there a better way to do this and how are you doing the dovecot
authentication?

Nick

On 17/09/2019 15:05, Gilles Chehade wrote:
> Hello,
>
> Is there anyone using table-passwd for _any_ other purposes than sharing
> with Dovecot ?
>
> I have built a fully virtual setup which shares credentials with Dovecot
> and since I managed to do it _without_ table-passwd I'm wondering if the
> table backend is really useful and if it was not created because someone
> had overlooked the first few lines of the Dovecot documentation stating:
>
> "For a password database, it's enough to have only the user and password
> fields."
table-passwd
Hello,

Is there anyone using table-passwd for _any_ other purposes than sharing
with Dovecot ?

I have built a fully virtual setup which shares credentials with Dovecot
and since I managed to do it _without_ table-passwd I'm wondering if the
table backend is really useful and if it was not created because someone
had overlooked the first few lines of the Dovecot documentation stating:

"For a password database, it's enough to have only the user and password
fields."

--
Gilles Chehade @poolpOrg

https://www.poolp.org patreon: https://www.patreon.com/gilles
[PATCH 08/10] table-passwd: include includes.h
This is required for UID_MAX and GID_MAX --- extras/wip/tables/table-passwd/table_passwd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/extras/wip/tables/table-passwd/table_passwd.c b/extras/wip/tables/table-passwd/table_passwd.c index 7f305b2..194b999 100644 --- a/extras/wip/tables/table-passwd/table_passwd.c +++ b/extras/wip/tables/table-passwd/table_passwd.c @@ -29,6 +29,7 @@ #include "smtpd-defines.h" #include "smtpd-api.h" #include "log.h" +#include "includes.h" static int table_passwd_update(void); static int table_passwd_check(int, struct dict *, const char *); -- 2.4.2 -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
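Review bot: The commit message justifies the new #include "includes.h" (added after #include "log.h") only by UID_MAX and GID_MAX, but the build log posted for this same file also shows an implicit declaration of strtonum at table_passwd.c:247, and an implicitly declared function is assumed to return int, which matters for a call that range-checks uid and gid values. Please confirm that includes.h also brings in a strtonum prototype and say so in the message, or add the header that does. Because the include sits last, none of the headers listed above it can rely on what it defines; if smtpd-defines.h or smtpd-api.h need these limits it should move above them.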
Re: UID_MAX/GID_MAX needed by table-passwd
This issue has been fixed by this pull request:
https://github.com/OpenSMTPD/OpenSMTPD-extras/pull/20
UID_MAX/GID_MAX needed by table-passwd
More compat issues, perhaps:

../../../../extras/wip/tables/table-passwd/table_passwd.c: In function ‘parse_passwd_entry’:
../../../../extras/wip/tables/table-passwd/table_passwd.c:247:2: warning: implicit declaration of function ‘strtonum’ [-Wimplicit-function-declaration]
  pw->pw_uid = strtonum(q, 1, UID_MAX, &errstr);
  ^
../../../../extras/wip/tables/table-passwd/table_passwd.c:247:30: error: ‘UID_MAX’ undeclared (first use in this function)
  pw->pw_uid = strtonum(q, 1, UID_MAX, &errstr);
                              ^
../../../../extras/wip/tables/table-passwd/table_passwd.c:247:30: note: each undeclared identifier is reported only once for each function it appears in
../../../../extras/wip/tables/table-passwd/table_passwd.c:256:30: error: ‘GID_MAX’ undeclared (first use in this function)
  pw->pw_gid = strtonum(q, 1, GID_MAX, &errstr);
                              ^
Re: table-passwd invialid without the shell
>> In the documentation http://opensmtpd.org/table.5.html it doesn't use
>> the shell in the passwd file.
>>
>table(5) describes the format of file, static and db tables which is
>the internal format used by every table we support.
>when you are using another table backend, you should read the
>table_(5) man page, in this case, table_passwd(5)

I have been using the man pages on the website and not on the console,
ie. http://opensmtpd.org/table.5.html, in that regard I haven't seen a
table_passwd section on the website.

Thanks.
Re: table-passwd invialid without the shell
On Thu, Apr 17, 2014 at 07:13:57AM +0200, Martin Braun wrote:
> In the documentation http://opensmtpd.org/table.5.html it doesn't use
> the shell in the passwd file.
>

table(5) describes the format of file, static and db tables which is
the internal format used by every table we support.

when you are using another table backend, you should read the
table_(5) man page, in this case, table_passwd(5)

> The documentation uses the following example:
>
> [...]
>
> But in my case, because I am using "vmail" and having dovecot using
> the same file, the file looks like this:
>
> user1:$2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe:
> 5000:5000::/var/vmail:/bin/nologin
>
> I wanted to remove the ":/bin/nologin" part because Dovecot doesn't
> need that, but if I do that I get the following error from OpenSMTPD:
>

You can't, table_passwd(5) expects a Unix passwd(5) style format, and the
shell is part of it.

--
Gilles Chehade

https://www.poolp.org @poolpOrg
table-passwd invialid without the shell
In the documentation http://opensmtpd.org/table.5.html it doesn't use
the shell in the passwd file.

The documentation uses the following example:

In a listener context, the credentials are a mapping of username and
encrypted passwords:

user1 $2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe
user2 $2a$06$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK

But in my case, because I am using "vmail" and having dovecot using
the same file, the file looks like this:

user1:$2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe:
5000:5000::/var/vmail:/bin/nologin

I wanted to remove the ":/bin/nologin" part because Dovecot doesn't
need that, but if I do that I get the following error from OpenSMTPD:

warn: table-passwd: invalid entry
warn: table-passwd: error parsing config file
warn: table-proc: pipe closed
fatal: table-proc: exiting

If I insert the login part and restart OpenSMTPD it works again.

Maybe I am overlooking something, but I just wanted to mention this as I
don't know if it is something currently disabled in latest snapshot of
OpenSMTPD.

Kind regards
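The failure reported in this thread (one six-field line makes table-passwd refuse the whole file and the table process exit) can be caught before a reload. The script below is an added example, not code from OpenSMTPD, Dovecot or any poster; lint_passwd_table and sample_passwd_table are hypothetical names, the sample lines and their hashes are constructed placeholders, and it assumes the seven-field passwd(5) layout with Dovecot extra fields after the shell.

```sh
#!/bin/sh
# Added example, not OpenSMTPD or Dovecot code: lint a passwd(5)-style
# credentials file shared by table-passwd and Dovecot before a reload.
# Assumptions: seven fields name:passwd:uid:gid:gecos:home:shell, crypt(3)
# style "$id$..." hashes, and anything after field 7 left to Dovecot.

# lint_passwd_table FILE (hypothetical helper name)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_passwd_table() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }    # skip blank lines and comments
        NF < 7 {
            # The case from the thread: without ":/bin/nologin" the line
            # has six fields and the whole table is refused.
            printf "line %d: %d fields, expected at least 7\n", NR, NF
            bad = 1
            next
        }
        {
            if ($1 == "") {
                printf "line %d: empty user name\n", NR
                bad = 1
            } else if (seen[$1]++) {
                printf "line %d: duplicate user %s\n", NR, $1
                bad = 1
            }
            if ($2 == "") {
                # An empty hash field must not reach an auth backend.
                printf "line %d: empty password field\n", NR
                bad = 1
            } else if ($2 !~ /^\$[0-9a-z]+\$./) {
                # Cleartext or a lock marker instead of a crypt(3) hash.
                printf "line %d: password field is not a crypt(3) hash\n", NR
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input; the hashes are placeholders, not bcrypt output.
sample_passwd_table() {
    cat <<'EOF'
# user:hash:uid:gid:gecos:home:shell[:dovecot extra fields]
alice@example.org:$2b$10$CONSTRUCTEDPLACEHOLDER0000000000:5000:5000::/var/vmail:/sbin/nologin
bob@example.org:$2b$10$CONSTRUCTEDPLACEHOLDER1111111111:5000:5000::/var/vmail:/sbin/nologin:userdb_quota_rule=*:storage=10G
carol@example.org:$2b$10$CONSTRUCTEDPLACEHOLDER2222222222:5000:5000::/var/vmail
dave@example.org::5000:5000::/var/vmail:/sbin/nologin
erin@example.org:hunter2:5000:5000::/var/vmail:/sbin/nologin
alice@example.org:$2b$10$CONSTRUCTEDPLACEHOLDER3333333333:5000:5000::/var/vmail:/sbin/nologin
EOF
}
```

Source the file and run lint_passwd_table on the credentials file; a non-zero status means the file should not be put in front of either daemon yet.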