[imp] Re: virtual users setup

Alan W. Rateliff, II lists at rateliff.net
Mon Mar 3 15:41:48 PST 2003


----- Original Message -----
From: "Steven Premeau" <premeau at uwp.edu>
To: <imp at lists.horde.org>
Sent: Monday, March 03, 2003 3:07 PM
Subject: [imp] Re: virtual users setup


> >Why don't you just use a server list?
> >
>
> Because I don't want the list of domains you can read email from to be
> "public".  I want to tell the appropriate students and faculty members
> without displaying a choice to the "uninitiated"  (The majority of our
> campus population doesn't need the option, I don't want to get into the
> potential battle of "Why do you provide webmail access for foo.uwp.edu,
> and not my system?")

Valid point.

> I think my questions have global relevance.  The example vinfo hook only
> talks about reworking the user name for preferences, it doesn't show an
> example of monkeying with the imap login name or any of the other
> parameters.  If we knew what user and mail server variables we had
> access to in the vinfo hook, it would be helpful.

I have written my own _horde_hook_username and _imp_hook_vinfo which others
might be interested in.  They're fairly rudimentary.

They require that the conf.php for Horde and Imp be modified to replace
['SERVER_NAME'] with ['HTTP_HOST'], and that Imp be Horde's authentication
manager.  The hooks are somewhat redundant, and probably the horde hook
could be done away with.

The hooks validate an email address against Sendmail's virtuser db.  They
also assume dbm and not hashing, and will need to be edited for your
virtuser db name and location.

Basically, they scan through the db looking for the entered email address
(built from the user-supplied username and the server-supplied domain
portion) to equate it to a local username.  It will loop as many times as
necessary until either a valid username is found, or the original email
address (recursion) is found.  If neither turns up, a NULL is returned, which
should fail authentication.

I want to do more with these, like clean up the code, check the username for
an /etc/mail/aliases entry, and a few other things.  But for now, it works
fine for my basic webmail setup, which is set up in Apache as "ServerName
mail.snorklesex.com" and "ServerAlias mail.*".

This has an intended side effect of requiring that a person use their email
address, and preventing login from any domain when entering a valid local
username.  That is, a user with user1 at foo.com email address cannot log in as
user1 at not.foo.com, even though user1 is a valid local user account.  There
are other welcome side effects about which I won't go into detail.

Suggestions, recommendations, or scoldings are welcome.

http://alan2.rateliff.us/tasks.html

--
       Alan W. Rateliff, II        :       RATELIFF.NET
 Independent Technology Consultant :    alan2 at rateliff.net
      (Office) 850/350-0260        :  (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]
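
Added example, not part of the original message and not the author's hooks: a PHP sketch of the lookup the message describes, resolving login + HTTP_HOST through virtuser entries to a local account and returning null on a miss or a loop. The function name, the in-memory table (in place of the dbm file), the "mail." prefix stripping and the rule that a target without "@" is a local account are assumptions; loop detection is generalized to any repeated address, and the Host header is validated because it is client-supplied.

```php
<?php
// Constructed sample entries (address => target), standing in for the
// records the hooks would read from Sendmail's virtuser db.
$virtusers = [
    'user1@foo.com'  => 'user1',
    'sales@foo.com'  => 'user1@foo.com',
    'loop-a@foo.com' => 'loop-b@foo.com',
    'loop-b@foo.com' => 'loop-a@foo.com',
    'gone@foo.com'   => 'error:nouser No such user',
];

// Hypothetical helper: map a login and HTTP_HOST to a local account, or null.
function resolve_virtuser(array $table, string $login, string $httpHost): ?string
{
    // HTTP_HOST is the client's Host header: drop any port and refuse
    // anything that is not a plain hostname before building a lookup key.
    $host = strtolower(preg_replace('/:\d+$/', '', $httpHost));
    if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return null;
    }
    $domain = preg_replace('/^mail\./', '', $host); // assumed "mail.*" vhosts

    // Accept "user" or "user@domain", but only for the domain being served.
    $parts = explode('@', strtolower(trim($login)));
    if (count($parts) > 2 || !preg_match('/^[a-z0-9._+-]+$/', $parts[0])) {
        return null;
    }
    if (isset($parts[1]) && $parts[1] !== $domain) {
        return null;
    }

    $address = $parts[0] . '@' . $domain;
    $seen = [];
    while (isset($table[$address]) && !isset($seen[$address])) {
        $seen[$address] = true;
        $target = strtolower($table[$address]);
        if (strpos($target, 'error:') === 0) return null;   // explicit reject
        if (strpos($target, '@') === false) return $target; // local account
        $address = $target;                                 // follow the chain
    }
    return null; // no entry, or the chain came back to an address already seen
}

foreach ([['user1', 'mail.foo.com'], ['user1', 'mail.not.foo.com'],
          ['sales', 'mail.foo.com:443'], ['loop-a', 'mail.foo.com']] as [$u, $h]) {
    printf("%-7s via %-17s => %s\n", $u, $h,
        var_export(resolve_virtuser($virtusers, $u, $h), true));
}
```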



