This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 9 and 10
Revision 9 as of 2008-01-06 01:18:01
Size: 2132
Editor: TimoSirainen
Comment:
Revision 10 as of 2008-01-06 01:24:52
Size: 2205
Editor: TimoSirainen
Comment:
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
 * [wiki:PasswordDatabase/ExtraFields/User user]: Change the username (eg. lowercase it).
 * [wiki:PasswordDatabase/ExtraFields/AllowNets allow_nets]: Allow user to log in from only specified IPs.
 * [wiki:PasswordDatabase/ExtraFields/Proxy proxy and proxy_maybe]: Proxy the connection to another IMAP/POP3 server.
 * [wiki:PasswordDatabase/ExtraFields/Host host]: Send login referral to client.
 * [wiki:PasswordDatabase/ExtraFields/NoLogin nologin]: User isn't actually allowed to log in even if the password matches, with optionally a different reason given as the authentication failure message.
 * [wiki:PasswordDatabase/ExtraFields/NoDelay nodelay]: Don't delay reply to client in case of an authentication failure.
 * [:PasswordDatabase/ExtraFields/User:user]: Change the username (eg. lowercase it).
 * [:PasswordDatabase/ExtraFields/AllowNets:allow_nets]: Allow user to log in from only specified IPs.
 * [:PasswordDatabase/ExtraFields/Proxy:proxy and proxy_maybe]: Proxy the connection to another IMAP/POP3 server.
 * [:PasswordDatabase/ExtraFields/Host:host]: Send login referral to client.
 * [:PasswordDatabase/ExtraFields/NoLogin:nologin]: User isn't actually allowed to log in even if the password matches, with optionally a different reason given as the authentication failure message.
 * [:PasswordDatabase/ExtraFields/NoDelay:nodelay]: Don't delay reply to client in case of an authentication failure.
 * nopassword: v1.1+: If you want to allow all passwords, use an empty password and this field.
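Review bot: the added nopassword entry at the end of the list is the only one without a linked subpage, and "allow all passwords" does not say what authenticates the user once any password is accepted. Suggest linking a page or adding one sentence that states the intended use. Separately, the list links move from the [wiki:Page label] form to [:Page:label], while the paragraphs further down the page still use [wiki:PasswordDatabase ...] and [wiki:UserDatabase ...]; converting those in the same revision would keep the markup consistent.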

Password database extra fields

The primary purpose of a password database lookup is to return the password for a given user. It may however also return other fields which are treated specially:

  • [:PasswordDatabase/ExtraFields/User:user]: Change the username (eg. lowercase it).

  • [:PasswordDatabase/ExtraFields/AllowNets:allow_nets]: Allow user to log in from only specified IPs.

  • [:PasswordDatabase/ExtraFields/Proxy:proxy and proxy_maybe]: Proxy the connection to another IMAP/POP3 server.

  • [:PasswordDatabase/ExtraFields/Host:host]: Send login referral to client.

  • [:PasswordDatabase/ExtraFields/NoLogin:nologin]: User isn't actually allowed to log in even if the password matches, with optionally a different reason given as the authentication failure message.

  • [:PasswordDatabase/ExtraFields/NoDelay:nodelay]: Don't delay reply to client in case of an authentication failure.

  • nopassword: v1.1+: If you want to allow all passwords, use an empty password and this field.

How to return these extra fields depends on the password database you use. See the [wiki:PasswordDatabase password database] pages on how to do it. Some passdbs however don't support returning them at all, such as [wiki:PasswordDatabase/PAM PAM].

The password database may also return fields prefixed with userdb_. These fields are only saved and used later as if they came from the [wiki:UserDatabase user database]'s extra fields. Typically this is done only when using [wiki:UserDatabase/Prefetch prefetch userdb].

Note that boolean fields are always true if the field exists, whatever its value. So nodelay, nodelay=yes, nodelay=no and nodelay=0 all mean that the nodelay field is true. With SQL the field is considered to be non-existent if its value is NULL.

Examples

SQL

dovecot-sql.conf:

password_query = SELECT userid as user, password, 'Y' as proxy, host \
  FROM users WHERE userid = '%u'
# NOTE: Dovecot doesn't really support line splitting with '\' currently

LDAP

dovecot-ldap.conf:

pass_attrs=uid=user,userPassword=password,proxy,hostName=host

passwd-file

user:{plain}pass::::::proxy=y host=127.0.0.1
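The note on boolean fields means that a value such as nologin=no or nopassword=0 still enables the field. The following is an added example, not part of the original page or of Dovecot: a small audit that reads passwd-file lines in the layout shown above and reports boolean extra fields set to a false-looking value. The function names, the FALSE_LOOKING word list and the sample lines are assumptions made for illustration; the set of boolean fields is taken from the list on this page.

```python
# Added example: audit passwd-file extra fields for "false-looking" booleans.
# Assumption: BOOLEAN_FIELDS is built from the fields this page lists.
BOOLEAN_FIELDS = {"proxy", "proxy_maybe", "nologin", "nodelay", "nopassword"}
# Assumption: values an admin might write while intending to switch a field off.
FALSE_LOOKING = {"no", "n", "0", "false", "off"}

def parse_extra_fields(line):
    """Split one passwd-file line into (user, {field: value-or-None})."""
    # Seven leading columns, then the space-separated extra fields.
    parts = line.rstrip("\n").split(":", 7)
    extras = parts[7] if len(parts) == 8 else ""
    fields = {}
    for token in extras.split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else None  # bare "nodelay" has no value
    return parts[0], fields

def effective_flags(fields):
    """Boolean fields that are in effect: present at all, whatever the value."""
    return sorted(k for k in fields if k in BOOLEAN_FIELDS)

def audit(lines):
    """Return (user, field, value) for booleans set to a false-looking value."""
    findings = []
    for line in lines:
        # Skip blank lines and comment lines.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        user, fields = parse_extra_fields(line)
        for key in effective_flags(fields):
            value = fields[key]
            if value is not None and value.lower() in FALSE_LOOKING:
                findings.append((user, key, value))
    return findings

# Constructed sample input (not from a real deployment).
SAMPLE = [
    "user:{plain}pass::::::proxy=y host=127.0.0.1",
    "alice:{plain}secret::::::nodelay=no",
    "bob:::::::nopassword=0",
    "carol:{plain}pw::::::nologin=false allow_nets=192.0.2.0/24",
]

if __name__ == "__main__":
    for user, key, value in audit(SAMPLE):
        print(f"{user}: {key}={value} is still TRUE; remove the field to disable it")
```

For an SQL passdb the equivalent fix is to have the query return NULL for the column, since only NULL makes the field non-existent.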

None: PasswordDatabase/ExtraFields (last edited 2019-09-11 14:02:20 by MichaelSlusarz)