[horde] Authorisation and virtual mail users

Vilius Sumskas/LNK vilius at lnk.lt
Fri Feb 20 08:52:57 UTC 2015


> > Quoting Jānis <je at ktf.rtu.lv>:
> >> there is the linux system with real users but for some 
> >> considerations unknown to me it is of utmost importance to use 
> >> virtual accounts for e-mails (postfix/dovecot/postfix-admin/mysql).
> >> Currently evrth works, but the logging in twice is necessary - 
> >> first - for the Horde framework, except Imp, using sys user 
> >> credentials and the second - using virtual email address if one is 
> >> going to read/send e-mails.
> >>
> >> Sys users can not be virtualized because they have huge personal 
> homes there
> >>
> >> Is it possible to achieve single authorization for such strange 
system?
> >
> > If I understand your question correctly, it sounds like you are 
> > using the wrong authentication backend. You should use 
> > Application/IMP authentication, have the users login using the 
> > virtual account credentials, and make sure you set "hordeauth" to 
> > true in imp/config/backends.local.php.
> 
> So the Horde users will be 100% virtual and, for example, task list 
> will belong to the virtual user at domain, not the user with sys account?
> 
> What will happen if such "beast" would want to use ssh2 backend for 
> Gollem in order to access files on the system under his _system_ 
> account? I think this calls for the second authentification anyway, 
> doesn't it?

This calls for central username/password storage. LDAP or SQL. Configure 
all your services (ssh, imap, etc.) to it and then configure Horde to 
authenticate against it.

-- 
   Vilius


More information about the horde mailing list