Re: [exim] Dovecot authentication

Page principale
Supprimer ce message
Répondre à ce message
Auteur: W B Hacker
Date:  
À: exim users
Sujet: Re: [exim] Dovecot authentication
Renaud Allard wrote:

*SNIP*

> In fact, I must admit I would prefer a patch that would let
> dovecot authenticate against exim (which in turn supports
> cyrus-sasl libray even for PLAIN, LOGIN,...).
>


Have care also as to what (system) users Exim and Dovecot run as.

One can cause them to utilize the UID:GID of the end-user for
delivery/retrieval (common).

We prefer running each under its own UID, and as members of a
common group. Virtual users thereby need no system accounts at
all, have no rights to mail storage except as authenticated
clients of Dovecot or Exim, and knowledge of a user's UID cannot
be escalated to non-mail or other-folks-mail on-box access.
Less common, AFAIK.

HTH,

Bill