auth-system.conf.ext.erb 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. # Generated by Chef
  2. # Authentication for system users. Included from auth.conf.
  3. #
  4. # <doc/wiki/PasswordDatabase.txt>
  5. # <doc/wiki/UserDatabase.txt>
  6. # PAM authentication. Preferred nowadays by most systems.
  7. # PAM is typically used with either userdb passwd or userdb static.
  8. # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
  9. # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
  10. <% if Dovecot::Auth.has_passdb?(@auth['system']) -%>
  11. <%= Dovecot::Conf.authdb('pam', 'passdb', @auth['system']['passdb']) %>
  12. <% else -%>
  13. passdb {
  14. driver = pam
  15. # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  16. # [cache_key=<key>] [<service name>]
  17. #args = dovecot
  18. }
  19. # System users (NSS, /etc/passwd, or similiar).
  20. # In many systems nowadays this uses Name Service Switch, which is
  21. # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
  22. #passdb {
  23. #driver = passwd
  24. # [blocking=no]
  25. #args =
  26. #}
  27. # Shadow passwords for system users (NSS, /etc/shadow or similiar).
  28. # Deprecated by PAM nowadays.
  29. # <doc/wiki/PasswordDatabase.Shadow.txt>
  30. #passdb {
  31. #driver = shadow
  32. # [blocking=no]
  33. #args =
  34. #}
  35. # PAM-like authentication for OpenBSD.
  36. # <doc/wiki/PasswordDatabase.BSDAuth.txt>
  37. #passdb {
  38. #driver = bsdauth
  39. # [blocking=no] [cache_key=<key>]
  40. #args =
  41. #}
  42. <% end -%>
  43. ##
  44. ## User databases
  45. ##
  46. # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
  47. # uses Name Service Switch, which is configured in /etc/nsswitch.conf.
  48. <% if Dovecot::Auth.has_userdb?(@auth['system']) -%>
  49. <%= Dovecot::Conf.authdb('passwd', 'userdb', @auth['system']['userdb']) %>
  50. <% else -%>
  51. userdb {
  52. # <doc/wiki/AuthDatabase.Passwd.txt>
  53. driver = passwd
  54. # [blocking=no]
  55. #args =
  56. }
  57. # Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
  58. #userdb {
  59. #driver = static
  60. # Can return anything a userdb could normally return. For example:
  61. #
  62. # args = uid=500 gid=500 home=/var/mail/%u
  63. #
  64. # LDA and LMTP needs to look up users only from the userdb. This of course
  65. # doesn't work with static userdb because there is no list of users.
  66. # Normally static userdb handles this by doing a passdb lookup. This works
  67. # with most passdbs, with PAM being the most notable exception. If you do
  68. # the user verification another way, you can add allow_all_users=yes to
  69. # the args in which case the passdb lookup is skipped.
  70. #
  71. #args =
  72. #}
  73. <% end -%>