[horde] Authorisation and virtual mail users

Steffen skhorde at smail.inf.fh-bonn-rhein-sieg.de
Fri Feb 20 09:46:45 UTC 2015


On Fri, 20 Feb 2015, Vilius Sumskas/LNK wrote:
>>> Quoting Jānis <je at ktf.rtu.lv>:
>>>> there is the linux system with real users but for some
>>>> considerations unknown to me it is of utmost importance to use
>>>> virtual accounts for e-mails (postfix/dovecot/postfix-admin/mysql).
>>>> Currently everything works, but the logging in twice is necessary -
>>>> first - for the Horde framework, except Imp, using sys user
>>>> credentials and the second - using virtual email address if one is
>>>> going to read/send e-mails.
>>>>
>>>> Sys users can not be virtualized because they have huge personal
>>>> homes there
>>>>
>>>> Is it possible to achieve single authorization for such strange
>>>> system?
>>>
>>> If I understand your question correctly, it sounds like you are
>>> using the wrong authentication backend. You should use
>>> Application/IMP authentication, have the users login using the
>>> virtual account credentials, and make sure you set "hordeauth" to
>>> true in imp/config/backends.local.php.
>>
>> So the Horde users will be 100% virtual and, for example, task list
>> will belong to the virtual user at domain, not the user with sys account?
>>
>> What will happen if such "beast" would want to use ssh2 backend for
>> Gollem in order to access files on the system under his _system_
>> account? I think this calls for the second authentication anyway,
>> doesn't it?
>
> This calls for central username/password storage. LDAP or SQL. Configure
> all your services (ssh, imap, etc.) to it and then configure Horde to
> authenticate against it.

Some organisations do _not_ like to offer all services to one central 
account/password pair, because they consider users' lack of sensibility 
using certain passwords - e.g. reading mails in an internet cafe, storing 
mail passwords on smartphones easily available to other people - and want 
to protect other servers.
Well, so I interpret the OP's "it is of utmost importance to use virtual 
accounts for e-mails".

If that is not the intention, it should be easy to authenticate the 
virtual users with the passwords of the system users.

-- 
Steffen

