12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- # Authentication for system users. Included from auth.conf.
- #
- # <doc/wiki/PasswordDatabase.txt>
- # <doc/wiki/UserDatabase.txt>
- # PAM authentication. Preferred nowadays by most systems.
- # PAM is typically used with either userdb passwd or userdb static.
- # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
- # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
- <% if Dovecot::Auth.has_passdb?(@auth['system']) -%>
- <%= Dovecot::Conf.authdb('passdb', @auth['system']['passdb']) %>
- <% else -%>
- passdb {
- driver = pam
- # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
- # [cache_key=<key>] [<service name>]
- #args = dovecot
- }
- # System users (NSS, /etc/passwd, or similiar).
- # In many systems nowadays this uses Name Service Switch, which is
- # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
- #passdb {
- #driver = passwd
- # [blocking=no]
- #args =
- #}
- # Shadow passwords for system users (NSS, /etc/shadow or similiar).
- # Deprecated by PAM nowadays.
- # <doc/wiki/PasswordDatabase.Shadow.txt>
- #passdb {
- #driver = shadow
- # [blocking=no]
- #args =
- #}
- # PAM-like authentication for OpenBSD.
- # <doc/wiki/PasswordDatabase.BSDAuth.txt>
- #passdb {
- #driver = bsdauth
- # [blocking=no] [cache_key=<key>]
- #args =
- #}
- <% end -%>
- ##
- ## User databases
- ##
- # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
- # uses Name Service Switch, which is configured in /etc/nsswitch.conf.
- <% if Dovecot::Auth.has_userdb?(@auth['system']) -%>
- <%= Dovecot::Conf.authdb('userdb', @auth['system']['userdb']) %>
- <% else -%>
- userdb {
- # <doc/wiki/AuthDatabase.Passwd.txt>
- driver = passwd
- # [blocking=no]
- #args =
- }
- # Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
- #userdb {
- #driver = static
- # Can return anything a userdb could normally return. For example:
- #
- # args = uid=500 gid=500 home=/var/mail/%u
- #
- # LDA and LMTP needs to look up users only from the userdb. This of course
- # doesn't work with static userdb because there is no list of users.
- # Normally static userdb handles this by doing a passdb lookup. This works
- # with most passdbs, with PAM being the most notable exception. If you do
- # the user verification another way, you can add allow_all_users=yes to
- # the args in which case the passdb lookup is skipped.
- #
- #args =
- #}
- <% end -%>
|