--- /dev/null
+# Authentication for system users. Included from auth.conf.
+#
+# <doc/wiki/PasswordDatabase.txt>
+# <doc/wiki/UserDatabase.txt>
+
+# PAM authentication. Preferred nowadays by most systems.
+# PAM is typically used with either userdb passwd or userdb static.
+# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
+# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
+passdb {
+ driver = pam
+ # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
+ # [cache_key=<key>] [<service name>]
+ #args = dovecot
+}
+
+# System users (NSS, /etc/passwd, or similiar).
+# In many systems nowadays this uses Name Service Switch, which is
+# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
+#passdb {
+ #driver = passwd
+ # [blocking=yes]
+ #args =
+#}
+
+# Shadow passwords for system users (NSS, /etc/shadow or similiar).
+# Deprecated by PAM nowadays.
+# <doc/wiki/PasswordDatabase.Shadow.txt>
+#passdb {
+ #driver = shadow
+ # [blocking=yes]
+ #args =
+#}
+
+# PAM-like authentication for OpenBSD.
+# <doc/wiki/PasswordDatabase.BSDAuth.txt>
+#passdb {
+ #driver = bsdauth
+ # [cache_key=<key>]
+ #args =
+#}
+
+##
+## User databases
+##
+
+# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
+# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
+userdb {
+ # <doc/wiki/AuthDatabase.Passwd.txt>
+ driver = passwd
+ # [blocking=no]
+ #args =
+}
+
+# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
+#userdb {
+ #driver = static
+ # Can return anything a userdb could normally return. For example:
+ #
+ # args = uid=500 gid=500 home=/var/mail/%u
+ #
+ # LDA and LMTP needs to look up users only from the userdb. This of course
+ # doesn't work with static userdb because there is no list of users.
+ # Normally static userdb handles this by doing a passdb lookup. This works
+ # with most passdbs, with PAM being the most notable exception. If you do
+ # the user verification another way, you can add allow_all_users=yes to
+ # the args in which case the passdb lookup is skipped.
+ #
+ #args =
+#}
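Review bot: The `# [blocking=no]` hint in the `userdb passwd` block drops the warning that the old auth.conf attached to this option, where the removed text said to use blocking lookups with nss_ldap "or users might get logged in as each others". An admin reading only this file now has no cue that the setting affects isolation between users. If the hint was inverted because blocking lookups became the default (not visible here), the warning should be inverted with it, for example `# [blocking=no] - NOTE: don't use this with nss_ldap, or users might get logged in as each other`; the passdb blocks still show `[blocking=yes]`, which should be made consistent or explained. The `[cache_key=<key>]` hint in the PAM block has the same gap: the removed note that PAM caching is off by default because PAM modules can also check things such as the remote IP deserves one line here, unless the referenced wiki page covers it.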
auth_mechanisms = plain
##
-## Password databases
+## Password and user databases
##
#
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
-#
-# By adding master=yes setting inside a passdb you make the passdb a list
-# of "master users", who can log in as anyone else. Unless you're using PAM,
-# you probably still want the destination user to be looked up from passdb
-# that it really exists. This can be done by adding pass=yes setting to the
-# master passdb. <doc/wiki/Authentication.MasterUsers.txt>
-
-# Users can be temporarily disabled by adding a passdb with deny=yes.
-# If the user is found from that database, authentication will fail.
-# The deny passdb should always be specified before others, so it gets
-# checked first. Here's an example:
-
-#passdb {
- #driver = passwd-file
- # File contains a list of usernames, one per line
- #args = /etc/dovecot.deny
- #deny = yes
-#}
-
-passdb {
- # PAM authentication. Preferred nowadays by most systems.
- # Note that PAM can only be used to verify if user's password is correct,
- # so it can't be used as userdb. If you don't want to use a separate user
- # database (passwd usually), you can use static userdb.
- # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
- # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
- driver = pam
- # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
- # [cache_key=<key>] [<service name>]
- #
- # session=yes makes Dovecot open and immediately close PAM session. Some
- # PAM plugins need this to work, such as pam_mkhomedir.
- #
- # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
- # need that. They aren't ever deleted though, so this isn't enabled by
- # default.
- #
- # max_requests specifies how many PAM lookups to do in one process before
- # recreating the process. The default is 100, because many PAM plugins
- # leak memory.
- #
- # cache_key can be used to enable authentication caching for PAM
- # (auth_cache_size also needs to be set). It isn't enabled by default
- # because PAM modules can do all kinds of checks besides checking password,
- # such as checking IP address. Dovecot can't know about these checks
- # without some help. cache_key is simply a list of variables (see
- # doc/wiki/Variables.txt) which must match for the cached data to be used.
- # Here are some examples:
- # %u - Username must match. Probably sufficient for most uses.
- # %u%r - Username and remote IP address must match.
- # %u%s - Username and service (ie. IMAP, POP3) must match.
- #
- # The service name can contain variables, for example %Ls expands to
- # pop3 or imap.
- #
- # Some examples:
- # args = session=yes %Ls
- # args = cache_key=%u dovecot
- #args = dovecot
-
- # System users (NSS, /etc/passwd, or similiar)
- # In many systems nowadays this uses Name Service Switch, which is
- # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
- #driver = passwd
- # [blocking=yes] - See userdb passwd for explanation
- #args =
-
- # Shadow passwords for system users (NSS, /etc/shadow or similiar).
- # Deprecated by PAM nowadays.
- # <doc/wiki/PasswordDatabase.Shadow.txt>
- #driver = shadow
- # [blocking=yes] - See userdb passwd for explanation
- #args =
-
- # PAM-like authentication for OpenBSD.
- # <doc/wiki/PasswordDatabase.BSDAuth.txt>
- #driver = bsdauth
- # [cache_key=<key>] - See cache_key in PAM for explanation.
- #args =
-
- # passwd-like file with specified location
- # <doc/wiki/AuthDatabase.PasswdFile.txt>
- #driver = passwd-file
- # [scheme=<default password scheme>] [username_format=<format>]
- # <Path for passwd-file>
- #args =
-
- # checkpassword executable authentication
- # NOTE: You will probably want to use "userdb prefetch" with this.
- # <doc/wiki/AuthDatabase.CheckPassword.txt>
- #driver = checkpassword
- # Path for checkpassword binary
- #args =
-
- # SQL database <doc/wiki/AuthDatabase.SQL.txt>
- #driver = sql
- # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
- #args =
-
- # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
- #driver = ldap
- # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
- #args =
-
- # vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
- #driver = vpopmail
- # [cache_key=<key>] - See cache_key in PAM for explanation.
- # [quota_template=<template>] - %q expands to Maildir++ quota
- # (eg. quota_template=quota_rule=*:backend=%q)
- #args =
-}
-
-##
-## User databases
-##
-
#
# User database specifies where mails are located and what user/group IDs
-# own them. For single-UID configuration use "static".
+# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
-#
-
-# "prefetch" user database means that the passdb already provided the
-# needed information and there's no need to do a separate userdb lookup.
-# This can be made to work with SQL and LDAP databases, see their example
-# configuration files for more information how to do it.
-# <doc/wiki/UserDatabase.Prefetch.txt>
-#userdb {
- #driver = prefetch
-#}
-
-userdb {
- # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
- # uses Name Service Switch, which is configured in /etc/nsswitch.conf.
- # <doc/wiki/AuthDatabase.Passwd.txt>
- driver = passwd
- # [blocking=yes] - By default the lookups are done in the main dovecot-auth
- # process. This setting causes the lookups to be done in auth worker
- # proceses. Useful with remote NSS lookups that may block.
- # NOTE: Be sure to use this setting with nss_ldap or users might get
- # logged in as each others!
- #args =
-
- # passwd-like file with specified location
- # <doc/wiki/AuthDatabase.PasswdFile.txt>
- #driver = passwd-file
- # [username_format=<format>] <Path for passwd-file>
- #args =
-
- # checkpassword executable user database lookup
- # <doc/wiki/AuthDatabase.CheckPassword.txt>
- #driver = checkpassword
- # Path for checkpassword binary
- #args =
-
- # static settings generated from template <doc/wiki/UserDatabase.Static.txt>
- #driver = static
- # Template for the fields. Can return anything a userdb could normally
- # return. For example:
- #
- # args = uid=500 gid=500 home=/var/mail/%u
- #
- # If you use deliver, it needs to look up users only from the userdb. This
- # of course doesn't work with static because there is no list of users.
- # Normally static userdb handles this by doing a passdb lookup. This works
- # with most passdbs, with PAM being the most notable exception. If you do
- # the user verification another way, you can add allow_all_users=yes to
- # the args in which case the passdb lookup is skipped.
- #
- #args =
-
- # SQL database <doc/wiki/AuthDatabase.SQL.txt>
- #driver = sql
- # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
- #args =
-
- # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
- #driver = ldap
- # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
- #args =
- # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
- #driver = vpopmail
-}
+#!include auth-deny.conf.ext
+#!include auth-master.conf.ext
+!include auth-system.conf.ext
+#!include auth-sql.conf.ext
+#!include auth-ldap.conf.ext
+#!include auth-passwdfile.conf.ext
+#!include auth-vpopmail.conf.ext
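Review bot: The `!include` list is order-sensitive, but nothing in this file says so now that the removed comment ("The deny passdb should always be specified before others, so it gets checked first") is gone. Someone who later enables `auth-deny.conf.ext` or `auth-master.conf.ext` could move that line below `auth-system.conf.ext` and change which passdb is consulted first without noticing. I would add a comment above the list such as `# Include order matters: keep auth-deny.conf.ext first so a deny passdb is checked before any other passdb.` The deny and master-user explanations may have moved into those .conf.ext files, which are not shown here.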