Hi again,
Am 2015-06-29 22:29, schrieb Evgeniy Berdnikov:
> On Mon, Jun 29, 2015 at 06:28:07PM +0200, Jonas Meurer wrote:
>> Nope, I mean the domain part of provided username.
>
> Username is saved in $auth1. Clearly documented.
True. My problem was about splitting the username and using part of it
for the passwd file to look up.
>> If somebody tries to
>> authenticate as 'user@???', then the password file to lookup
>> the
>> credentials is '/etc/vmail/users/domain.org'. This is what I try to
>> achieve. Is this possible at all?
>
> Just split the username string on '@', extract domain and use it.
Ok, got that now. The following statement splits the username on '@'
and looks up the password for user <LOCALPART> in password file
/etc/vmail/users/<DOMAIN>:
vmail_auth_cram:
server_debug_print = "A: vmail-authenticator cram-md5 for $auth1"
driver = cram_md5
public_name = CRAM-MD5
server_secret = \
${lookup{${extract{1}{@}{$auth1}}} \
lsearch{VMAIL_USERS_DOMAINS/${extract{2}{@}{$auth1}}} \
{$value} \
fail \
}
server_set_id = ${extract{1}{@}{$auth1}}
Problem is, that the password needs to be stored unencrypted in the
password file for that authenticator. Is it possible to use encrypted
password stores for cram-md5 authenticator, as it is for plain and
login authenticators?
Cheers,
jonas
