[horde] Authorisation and virtual mail users
Vilius Sumskas/LNK
vilius at lnk.lt
Fri Feb 20 08:52:57 UTC 2015
> > Quoting Jānis <je at ktf.rtu.lv>:
> >> there is the linux system with real users but for some
> >> considerations unknown to me it is of utmost importance to use
> >> virtual accounts for e-mails (postfix/dovecot/postfix-admin/mysql).
> >> Currently evrth works, but the logging in twice is necessary -
> >> first - for the Horde framework, except Imp, using sys user
> >> credentials and the second - using virtual email address if one is
> >> going to read/send e-mails.
> >>
> >> Sys users can not be virtualized because they have huge personal
> homes there
> >>
> >> Is it possible to achieve single authorization for such strange
system?
> >
> > If I understand your question correctly, it sounds like you are
> > using the wrong authentication backend. You should use
> > Application/IMP authentication, have the users login using the
> > virtual account credentials, and make sure you set "hordeauth" to
> > true in imp/config/backends.local.php.
>
> So the Horde users will be 100% virtual and, for example, task list
> will belong to the virtual user at domain, not the user with sys account?
>
> What will happen if such "beast" would want to use ssh2 backend for
> Gollem in order to access files on the system under his _system_
> account? I think this calls for the second authentification anyway,
> doesn't it?
This calls for central username/password storage. LDAP or SQL. Configure
all your services (ssh, imap, etc.) to it and then configure Horde to
authenticate against it.
--
Vilius
More information about the horde
mailing list