> Le 1 juil. 2015 à 04:38, Laz C. Peterson > a écrit : > > I have an interesting case here … > > Virtual mailboxes, domain/username/aliases stored in MySQL, authentication > done using PAM. PAM authenticates through Kerberos, which are internal > realms and not the email domains — for example, my username would be > laz@PARAVIS.LOCAL <mailto:laz@PARAVIS.LOCAL> and my email address would be > l...@paravis.net <mailto:l...@paravis.net>. > > All of this works just fine. But what I want to do is allow the users to log > in using their email address and not their full Kerberos name. It is > becoming laborious to help the users understand the difference between their > username@LOCAL.REALM and username@email.address > <mailto:username@email.address> and why we have to have two separate > identities that mean the same thing. > > I have the SQL statements to convert either the Kerberos login or the email > address to the actual Kerberos login (so they may use either). But I cannot > seem to figure out how to get Dovecot to acknowledge this as the mapped > username. > > I’m sure there has to be a way. Any help will be greatly appreciated. Thank > you!
Hello Laz, I fear you’ll have to resort to CheckPassword (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar. Indeed, your MySql database may contain everything needed to convert email addresses to kerb login (and vice-versa), but Dovecot’s PAM interface understandably just knows about a (login, password) pair, where the login is the one provided by the user wanting to log in. That said, I hope to be wrong, Axel
