ApplePAM (OSX). PAM doesn't provide user database, so you have to use
something else for that - passwd usually.
-Here's an example /etc/pam.d/imap configuration file which uses
-standard UNIX authentication:
+By default Dovecot uses "dovecot" service, ie. the PAM configuration is in
+/etc/pam.d/dovecot file. You can override this by giving the wanted service
+name as parameter for pam. For example "auth_passdb = pam dovecot2". If you
+give "*" as service name, Dovecot uses "imap" service for IMAP connections
+and "pop3" service for POP3 connections.
+
+Here's an example /etc/pam.d/dovecot configuration file which uses standard
+UNIX authentication:
auth required pam_unix.so nullok
account required pam_unix.so
# Where password database is kept:
# passwd: /etc/passwd or similiar, using getpwnam()
# shadow: /etc/shadow or similiar, using getspnam()
-# pam: PAM authentication
+# pam [<service> | *]: PAM authentication
# passwd-file <path>: passwd-like file with specified location
# vpopmail: vpopmail authentication
# ldap <config path>: LDAP, see doc/dovecot-ldap.conf
}
static void
-pam_verify_plain_child(const char *user, const char *password, int fd)
+pam_verify_plain_child(const char *service, const char *user,
+ const char *password, int fd)
{
pam_handle_t *pamh;
struct pam_userpass userpass;
userpass.user = user;
userpass.pass = password;
- status = pam_start(service_name, user, &conv, &pamh);
+ status = pam_start(service, user, &conv, &pamh);
if (status != PAM_SUCCESS) {
result = PASSDB_RESULT_INTERNAL_FAILURE;
str = t_strdup_printf("pam_start(%s) failed: %s",
verify_plain_callback_t *callback)
{
struct pam_auth_request *pam_auth_request;
+ const char *service;
int fd[2];
pid_t pid;
+ service = service_name != NULL ? service_name :
+ request->protocol == AUTH_PROTOCOL_IMAP ? "imap" :
+ request->protocol == AUTH_PROTOCOL_POP3 ? "pop3" : NULL;
+ if (service == NULL) {
+ i_error("Unknown protocol %d in auth request",
+ request->protocol);
+ }
+
if (pipe(fd) < 0) {
i_error("PAM: pipe() failed: %m");
callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
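Review bot: The new `service == NULL` branch only logs and then falls through to `pipe()` and the fork, so a request with an unrecognised protocol still reaches `pam_start()` in the child with a NULL service name. How PAM treats a NULL service is implementation-dependent, and the child's `pam_start(%s) failed` message may end up formatting that NULL as well. Fail the request here instead: after the `i_error(...)` call add `callback(PASSDB_RESULT_INTERNAL_FAILURE, request);` and `return;`, the same result the pipe() failure path reports. The message would also be easier to find in logs with the `PAM: ` prefix that the pipe() error uses. The function begins and ends outside this hunk.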
if (pid == 0) {
(void)close(fd[0]);
- pam_verify_plain_child(request->user, password, fd[1]);
+ pam_verify_plain_child(service, request->user, password, fd[1]);
_exit(0);
}
static void pam_init(const char *args)
{
- service_name = i_strdup(*args != '\0' ? args : "dovecot");
+ service_name = strcmp(args, "*") == 0 ? NULL :
+ i_strdup(*args != '\0' ? args : "dovecot");
to_wait = NULL;
}
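Review bot: `service_name` now doubles as a sentinel, where NULL means "choose the service per request", but nothing at the assignment says so, and every other reader of the variable has to know it can be NULL. Add a comment such as `/* "*": leave service_name NULL so pam_verify_plain() picks "imap" or "pop3" per request */`. If a deinit or logging path outside this hunk frees or prints `service_name`, it should be checked against the NULL case. The documentation hunk should also state that with `*` both /etc/pam.d/imap and /etc/pam.d/pop3 must exist, since PAM implementations commonly fall back to the `other` policy when a service file is missing.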