This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2006-05-12 23:14:32
Size: 416
Editor: TimoSirainen
Revision 3 as of 2006-11-05 13:27:13
Size: 1270
Editor: TimoSirainen
Line 3: Line 3:
User is looked up using `getpwent()` call, which usually looks into `/etc/passwd` file, but depending on NSS configuration it may also look up the user from eg. LDAP database. User is looked up using `getpwent()` call, which usually looks into `/etc/passwd` file, but depending on [http://en.wikipedia.org/wiki/Name_Service_Switch NSS] configuration it may also look up the user from eg. LDAP database.
Line 5: Line 5:
Most commonly used as user database. Many systems use shadow passwords nowadays so it doesn't usually work as password database. BSDs are an exception to this, they still set the password field even with shadow passwords. Most commonly used as a user database. Many systems use shadow passwords nowadays so it doesn't usually work as a password database. BSDs are an exception to this, they still set the password field even with shadow passwords.

The lookup is done in the primary dovecot-auth process, so if NSS is configured to do the lookups from an external server, it slows down all the other authentications while waiting for the reply. For that reason you might want to increase the number of dovecot-auth processes (`count` setting inside auth block).

== nss_ldap ==

nss_ldap is badly broken with Dovecot, and you really shouldn't be using it. In some cases it might return wrong user's information and cause users to log in as each others. Dovecot nowadays has a workaround that checks if a wrong reply is returned, but [http://dovecot.org/list/dovecot/2006-September/016454.html apparently it doesn't always work].

There's a bug about this in [https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154314 RedHat's Bugzilla].
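
Review bot: In the added nss_ldap section, "Dovecot nowadays has a workaround" gives no version, so an admin on an older release cannot tell whether the wrong-reply check protects them; name the first version that has it. The section also tells readers not to use nss_ldap without saying what to configure instead, so a pointer to the alternative user database would help. Separately, the "Line 3" paragraph names `getpwent()`, which in POSIX iterates over the whole database, while a lookup of a single user by name is normally `getpwnam()`; worth confirming against the code. Small wording fix: "log in as each others" should read "log in as each other".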

Passwd

The user is looked up with the `getpwent()` call, which usually reads the `/etc/passwd` file, but depending on the [http://en.wikipedia.org/wiki/Name_Service_Switch NSS] configuration it may also look up the user from, e.g., an LDAP database.

This is most commonly used as a user database. Many systems use shadow passwords nowadays, so it doesn't usually work as a password database. BSDs are an exception: they still set the password field even with shadow passwords.

The lookup is done in the primary dovecot-auth process, so if NSS is configured to do the lookups from an external server, every other authentication is slowed down while that process waits for the reply. For that reason you might want to increase the number of dovecot-auth processes (the `count` setting inside the auth block).

nss_ldap

nss_ldap is badly broken with Dovecot, and you really shouldn't be using it. In some cases it might return the wrong user's information and cause users to log in as each other. Dovecot nowadays has a workaround that checks if a wrong reply is returned, but [http://dovecot.org/list/dovecot/2006-September/016454.html apparently it doesn't always work].

There's a bug about this in [https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154314 RedHat's Bugzilla].
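
The kind of wrong-reply check described above, as an added example (it is not Dovecot's own code): the caller refuses any passwd entry whose name differs from the one it asked for. The function names, the use of `getpwnam_r()` and the exact, case-sensitive comparison are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum lookup_result { LOOKUP_OK, LOOKUP_NOT_FOUND, LOOKUP_ERROR, LOOKUP_MISMATCH };

/* Returns 1 only when the entry handed back by NSS is for the name that was
 * requested. Exact comparison is an assumption of this example. */
static int reply_matches_request(const char *requested, const struct passwd *pw)
{
    return pw != NULL && pw->pw_name != NULL &&
           strcmp(pw->pw_name, requested) == 0;
}

/* Look up one user through NSS and reject a reply that names someone else. */
static enum lookup_result checked_passwd_lookup(const char *user,
                                                struct passwd *out,
                                                char *buf, size_t buflen)
{
    struct passwd *res = NULL;
    int err = getpwnam_r(user, out, buf, buflen, &res);

    /* Some NSS backends report "no such user" through a non-zero errno
     * value, so callers should treat both outcomes as a failed lookup. */
    if (res == NULL)
        return err == 0 ? LOOKUP_NOT_FOUND : LOOKUP_ERROR;
    if (!reply_matches_request(user, res))
        return LOOKUP_MISMATCH; /* fail the login; never use this uid/home */
    return LOOKUP_OK;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "OK", "NOT_FOUND", "ERROR", "MISMATCH" };
    const char *user = argc > 1 ? argv[1] : "root";
    struct passwd pw;
    char buf[4096];
    enum lookup_result r = checked_passwd_lookup(user, &pw, buf, sizeof(buf));

    printf("%s: %s\n", user, names[r]);
    if (r == LOOKUP_OK)
        printf("uid=%lu home=%s\n", (unsigned long)pw.pw_uid, pw.pw_dir);
    return r == LOOKUP_OK ? 0 : 1;
}
```

A check like this only catches replies that carry the wrong name; it cannot detect an entry whose name is right but whose other fields belong to another user.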

None: AuthDatabase/Passwd (last edited 2019-09-11 14:08:34 by MichaelSlusarz)