This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 17 and 18
Revision 17 as of 2013-03-26 03:07:46
Size: 2877
Editor: zap
Comment:
Revision 18 as of 2013-08-15 20:14:51
Size: 3465
Editor: 0894461339
Comment: Expand/clarify default_fields and override_fields explanation
Line 35: Line 35:
 * '''default fields= <var>=<value> ...''': pass environment variables to post-login script ({{{<var>}}} converted to upper-case). {{{<value>}}} can contain dovecot [[Variables|variables]].  * '''default_fields= <var>=<value> ...''': pass environment variables to post-login script ({{{<var>}}} converted to upper-case). {{{<value>}}} can contain dovecot [[Variables|variables]]. This allows to specify default template values that can be overridden by passwd-file (for the standard userdb fields, the file still should contain the respective fields, albeit empty).
 * '''override_fields= <var>=<value> ...''': pass environment variables to post-login script ({{{<var>}}} converted to upper-case). {{{<value>}}} can contain dovecot [[Variables|variables]]. This allows to override values from passwd-file (for the standard userdb fields, the file still should contain the respective fields, albeit empty).
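Review bot: In the added override_fields bullet, the first two sentences ("pass environment variables to post-login script ... can contain dovecot variables") are copied verbatim from default_fields, so the two entries differ only in their last sentence and neither states the order in which default, passwd-file and override values are applied. Suggest opening each bullet with what distinguishes it, and spelling out the precedence once. The parenthetical "the file still should contain the respective fields, albeit empty" is also repeated under override_fields, where it is not clear why a field that gets overridden must be present; say whether it means the colon-separated positions have to be kept in the line.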
Line 48: Line 49:
  default_fields = uid=vmail gid=vmail home=/home/vmail/%u
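Review bot: The added "default_fields = uid=vmail gid=vmail home=/home/vmail/%u" line lands in the example userdb block next to the existing "default_fields = local_port=%a", so the block now sets default_fields twice and the text does not say whether the two lines accumulate or the later one replaces the earlier. Suggest a single line listing all the pairs, or a sentence on how repeated settings behave. The example also has no override_fields line even though this revision introduces that parameter.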

Passwd-file

This file is compatible with a normal /etc/passwd file and with the password file used by the libpam-pwdfile PAM plugin. It's in the following format:

user:password:uid:gid:(gecos):home:(shell):extra_fields

For a password database it's enough to have only the user and password fields. For a user database, you also need to set uid, gid and preferably home (see VirtualUsers). The (gecos) and (shell) fields are unused by Dovecot.

The password field can be in four formats:

  • password: Assume CRYPT password scheme.

  • {SCHEME}password: The password is in the given scheme.

  • password[13]: libpam-passwd file compatible format for CRYPT scheme.

  • password[34]: libpam-passwd file compatible format for MD5 scheme.

extra_fields is a space-separated list of key=value pairs which can be used to set various passdb settings and userdb settings. Keys which begin with a userdb_ prefix are used for userdb, others are used for passdb. For example, if you wish to override the mail_location setting for one user, use userdb_mail=mbox:~/mail.

Empty lines and lines beginning with the '#' character are ignored.

Multiple passwd files

You can use all the variables in the passwd-file filenames, for example:

passdb {
  driver = passwd-file
  # Each domain has a separate passwd-file:
  args = /etc/auth/%d/passwd
}

Parameters

  • scheme=<s>: Allows you to specify the default password scheme. The default is CRYPT. This is available only for passdb.

  • username_format=<s>: Look up usernames using this format instead of the full username (%u). If you want to enable user@domain logins but have only "user" in the file, set this to %n.

  • default_fields= <var>=<value> ...: pass environment variables to post-login script (<var> converted to upper-case). <value> can contain Dovecot variables. This lets you specify default template values that can be overridden by the passwd-file (for the standard userdb fields, the file should still contain the respective fields, albeit empty).

  • override_fields= <var>=<value> ...: pass environment variables to post-login script (<var> converted to upper-case). <value> can contain Dovecot variables. This lets you override values from the passwd-file (for the standard userdb fields, the file should still contain the respective fields, albeit empty).

For example:

passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%n /etc/imap.passwd
}
userdb {
  driver = passwd-file
  args = username_format=%n /etc/imap.passwd
  default_fields = local_port=%a
  default_fields = uid=vmail gid=vmail home=/home/vmail/%u
}

Examples

This file can be used as a passdb:

user:{plain}password
user2:{plain}password2

passdb with extra fields:

user:{plain}password::::::allow_nets=192.168.0.0/24

This file can be used as both a passdb and a userdb:

user:{plain}pass:1000:1000::/home/user::userdb_mail=maildir:~/Maildir allow_nets=192.168.0.0/24
user2:{plain}pass2:1001:1001::/home/user2
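
For auditing which password scheme, passdb restrictions and effective userdb values each entry ends up with, the format and the default_fields/override_fields layering described above can be parsed as follows. This is an added example, not Dovecot's own code: the function names are hypothetical, only %u is expanded, and letting a userdb_ extra field win over the positional uid/gid/home is an assumption.

```python
# Added example, not Dovecot code: helper names here are hypothetical.
LIBPAM_SUFFIXES = {"[13]": "CRYPT", "[34]": "MD5"}  # suffix forms listed above

def parse_line(line, default_scheme="CRYPT"):
    """Parse one passwd-file line; None for blank lines and '#' comments."""
    line = line.rstrip("\n")
    if not line.strip() or line.startswith("#"):
        return None
    # Split at most 7 times: extra_fields may contain ':' (maildir:~/Maildir).
    parts = line.split(":", 7)
    parts += [""] * (8 - len(parts))  # passdb-only lines omit trailing fields
    user, password, uid, gid, _gecos, home, _shell, extra = parts
    scheme = default_scheme
    if password.startswith("{") and "}" in password:
        scheme, password = password[1:].split("}", 1)
    elif len(password) > 4 and password[-4:] in LIBPAM_SUFFIXES:
        scheme, password = LIBPAM_SUFFIXES[password[-4:]], password[:-4]
    # Empty standard fields are left out so default_fields can fill them in.
    userdb = {k: v for k, v in (("uid", uid), ("gid", gid), ("home", home)) if v}
    passdb = {}
    for item in extra.split():
        key, _, value = item.partition("=")
        if key.startswith("userdb_"):
            # Assumption: a userdb_ extra field wins over the positional field.
            userdb[key[len("userdb_"):]] = value
        else:
            passdb[key] = value
    return {"user": user, "scheme": scheme.upper(), "password": password,
            "passdb": passdb, "userdb": userdb}

def effective_userdb(entry, default_fields=None, override_fields=None):
    """Layer fields as described above: defaults < passwd-file < overrides."""
    merged = dict(default_fields or {})
    merged.update(entry["userdb"])
    merged.update(override_fields or {})
    # Only %u is expanded here; Dovecot supports many more variables.
    return {k: v.replace("%u", entry["user"]) for k, v in merged.items()}

if __name__ == "__main__":
    # First line is from the examples on this page; the second is constructed.
    sample = ["user:{plain}pass:1000:1000::/home/user::userdb_mail=maildir:~/Maildir allow_nets=192.168.0.0/24",
              "virt:{plain}pw::::::allow_nets=10.0.0.0/8"]
    defaults = {"uid": "vmail", "gid": "vmail", "home": "/home/vmail/%u"}
    for raw in sample:
        entry = parse_line(raw)
        print(entry["user"], entry["scheme"], entry["passdb"],
              effective_userdb(entry, default_fields=defaults))
```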

None: AuthDatabase/PasswdFile (last edited 2019-09-11 14:15:57 by MichaelSlusarz)