Key-value authentication database (v2.1.9+)
===========================================

Key-value databases can be used as auth backends. They probably should be used
only for caching in front of e.g. SQL auth backends, since they don't currently
support user iteration.

---%<-------------------------------------------------------------------------
args = /etc/dovecot/dovecot-dict-auth.conf

args = /etc/dovecot/dovecot-dict-auth.conf
---%<-------------------------------------------------------------------------

See the 'dovecot-dict-auth.conf.ext' file from example-config for the full list
of configuration options. Basically you need these:

'/etc/dovecot/dovecot-dict-auth.conf.ext':

---%<-------------------------------------------------------------------------
uri = redis:host=127.0.0.1:port=6379

password_key = dovecot/passdb/%u
user_key = dovecot/userdb/%u

default_pass_scheme = plain
---%<-------------------------------------------------------------------------

Currently only JSON object values are supported. For example userdb lookup
should return something like:

---%<-------------------------------------------------------------------------
{ "uid": 123, "gid": 123, "home": "/home/username" }
---%<-------------------------------------------------------------------------

Complete example for authenticating via a UNIX socket
-----------------------------------------------------

The Dict auth backend can be used to query a local UNIX socket for users. This
can be handy for accessing user databases which would otherwise only be
accessible via the <CheckPassword> [AuthDatabase.CheckPassword.txt] backend and

When given a <"proxy:"> [Quota.Dict.txt] URL the Dict backend speaks a simple
protocol over a UNIX socket. The protocol is defined in
'src/lib-dict/dict-client.h' (Mercurial
[http://hg.dovecot.org/dovecot-2.2/file/tip/src/lib-dict/dict-client.h]).

---%<-------------------------------------------------------------------------
args = /etc/dovecot/dovecot-dict-auth.conf

args = /etc/dovecot/dovecot-dict-auth.conf
---%<-------------------------------------------------------------------------

The last "dictionary name" ("somewhere") argument is redundant here.

'/etc/dovecot/dovecot-dict-auth.conf.ext':

---%<-------------------------------------------------------------------------
uri = proxy:/var/run/auth_proxy_dovecot/socket:somewhere

password_key = passdb/%u

#default_pass_scheme = plain
---%<-------------------------------------------------------------------------

Server process for answering Dict lookups
-----------------------------------------

The server process listening on '/var/run/lookup_proxy_dovecot/socket' can be
written in any language. Here's an example in Perl:

---%<-------------------------------------------------------------------------
package AuthProxyDovecot;
use base qw( Net::Server::PreFork );

AuthProxyDovecot->run() or die "Could not initialize";

port => '/var/run/auth_proxy_dovecot/socket|unix',

log_file => 'Sys::Syslog',
syslog_logsock => 'unix',
syslog_ident => 'auth_proxy_dovecot',
syslog_facility => 'daemon',

pid_file => '/var/run/auth_proxy_dovecot.pid',

no_client_stdout => 1,
max_spare_servers => 2,
min_spare_servers => 1,

} ## end sub default_values

##################################################

sub process_request {

my $socket = $self->{server}->{client};

password => '$1$JrTuEHAY$gZA1y4ElkLHtnsrWNHT/e.',
userdb_home => "/home/username/",

home => "/home/username/",

# protocol from src/lib-dict/dict-client.h
my $json = JSON::XS->new;

$self->log(2, "Got request: $_");

my $cmd = substr($_,0,1);
next if $cmd eq 'H'; # "hello"

my ($namespace,$type,$arg) = split ('/',substr($_,1),3);
$self->log(4,"I:$namespace, $type, $arg");
if ($namespace eq 'shared') {
my $f = $L_handler{$type};

if (defined $f && defined $arg) {
$ret = $f->($self->{lookup}, $arg);

my $json = JSON::XS->new->indent(0)->utf8->encode($ret);
$self->log(4,"O:$json");
syswrite $socket, "O".$json."\n";

syswrite $socket, "F\n" unless $ret;

$self->log(2, "Invalid request: $@");

$self->log(1, 'Starting server');

sub pre_server_close_hook {

$self->log(1, 'Server is shut down');

---%<-------------------------------------------------------------------------
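
The request handling of the Perl server above, written out in Python as an
added example (not part of the original wiki page or of Dovecot). The names
USERS, USERNAME_RE and handle_line are hypothetical, the sample user is
constructed, and the 'L' command letter and 'N' (not found) reply are
assumptions taken from Dovecot's dict protocol, not from the excerpt above:

```python
import json
import re

# Constructed sample data; the password value is a placeholder, not a real hash.
USERS = {
    "alice": {
        "passdb": {"password": "<constructed-placeholder-hash>",
                   "userdb_home": "/home/alice/"},
        "userdb": {"home": "/home/alice/", "uid": 1001, "gid": 1001},
    },
}

# Assumption: usernames are restricted to this conservative character set.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,128}")


def handle_line(line, users=USERS):
    """Return the reply for one request line, or None if no reply is sent."""
    line = line.rstrip("\n")
    if not line:
        return "F\n"
    cmd, rest = line[0], line[1:]
    if cmd == "H":                      # "hello": skipped, as in the Perl code
        return None
    if cmd != "L":                      # assumption: 'L' is the lookup command
        return "F\n"
    parts = rest.split("/", 2)          # namespace/type/arg, like split(..., 3)
    if len(parts) != 3:
        return "F\n"
    namespace, kind, arg = parts
    if namespace != "shared" or kind not in ("passdb", "userdb"):
        return "F\n"
    if not USERNAME_RE.fullmatch(arg):  # reject tabs, slashes, control chars
        return "F\n"
    record = users.get(arg, {}).get(kind)
    if record is None:
        return "N\n"                    # assumption: 'N' means "not found"
    # Compact single-line JSON, because replies are newline-framed.
    return "O" + json.dumps(record, separators=(",", ":")) + "\n"
```

With "password_key = passdb/%u" a lookup for user alice arrives as the line
"Lshared/passdb/alice"; anything that does not parse as namespace/type/arg
or fails the username check is answered with "F".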
(This file was created from the wiki on 2013-11-24 04:42)