There are two issues with the job:
This page provides both a quick reference for getting them to work, and the actual necessary patches.
This is about the quick way to get dovecot to authenticate with vmailmgr. For further details, see References below.
These steps are for patching dovecot:
patch -p0 < dovecot-vmailmgr.patch
You can then configure dovecot to use vmailmgr. Edit dovecot.conf:
userdb prefetch { }
passdb checkpassword {
args = /usr/local/libexec/dovecot/vmailmgrwrapper,/usr/local/libexec/dovecot/vmailmgr-reply
}
This does it. If you experience any problem, set auth_debug = yes and have a look into the mail logs. Dovecot's debug is quite complete and helpful.
A first wrapper (vmailmgrwrapper) is needed for calling checkvpw the correct way. It needs to be executed like this:
checkvpw /path/to/execute/if/success maildir
This wrapper combines the arguments so that dovecot executes this command.
A second wrapper (vmailmgr-reply) is needed for interfacing the output of checkvpw when authentication succeeds, with what dovecot expects from it. This is what is executed in place of /path/to/execute/if/success.
A patch against dovecot's passdb-checkpassword.c implements
support for specifying a custom fetcher to checkpassword modules.
This second argument to args is optional. If omitted, dovecot
uses its default fetcher (which is checkpassword-reply).
A patch against dovecot's maildir-storage.c fixes a parsing bug that causes dovecot to cut mailbox paths when a colon is encountered.
Finally, a patch to makefiles is applied for including vmailmgrwrapper and vmailmgr-reply in the building and installing processes.
This is how an incoming service request is handled by dovecot. This patch does not modify the flow. This paragraph is provided to ease further hacks on this work, or different hacks on dovecot itself.
Dovecot's imap-login process accepts an incoming connection.
It fetches authentication information from the client. It forwards
the authentication information to the authentication server, which is
a dovecot process (the process is started if it's not
available). The dovecot process thinks in terms of User database
-userdb- (check the user) and Password database -passdb- (check the
password). Many simpler authentication architectures collapse both in
one check, in which case the userdb is declared static and all
the authentication is performed in one step by the passdb. Many passdbs
exist, and checkpassword is one of these.
In case the plain or login authentication methods have been chosen,
the xyz_verify_plain() function is executed from the active
passdbs, and it is passed an auth_request structure with
authentication info.
For passdb-checkpassword with vmailmgr, the external authentication
process is run, and the checkpassword interface is followed for
getting back info:
/usr/local/libexec/dovecot/vmailmgrwrapper /usr/local/libexec/dovecot/vmailmgr-reply
These are respectively the first and second arguments in
configuration (see args = ...).
vmailmgrwrapper in turn runs the following:
/usr/local/bin/checkvpw /usr/local/libexec/dovecot/vmailmgr-reply maildir
If authentication succeeds, checkvpw runs vmailmgr-reply, which gathers accounting information (UID, GID and HOME -- path of the user's mailbox) and passes it back to dovecot.
This is a sample authentication session with the IMAP protocol with which it is easy to follow the above flow (or debug it) if auth_debug=yes is set in dovecot.conf:
$ telnet imaphost 143
Trying imaphost...
Connected to imaphost.
Escape character is '^]'.
* OK Dovecot ready.
01 LOGIN user@domain.com abcuserpassword
01 OK Logged in.
Compare this with a failed login:
$ telnet imaphost 143
Trying imaphost...
Connected to imaphost.
Escape character is '^]'.
* OK Dovecot ready.
01 LOGIN non-existent@user.com badpass
01 NO Authentication failed.
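The wrapper chain described above can also be exercised without an IMAP login. The following sh script is an added example, not part of the original page or of the patch: it feeds "login, password, timestamp" (each NUL-terminated) on descriptor 3 and decodes the exit status, both as defined by the generic checkpassword interface. The checker and reply scripts and the test account are constructed stand-ins for vmailmgrwrapper and vmailmgr-reply, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the page): call a checkpassword-style program by hand.
# Interface: "login\0password\0timestamp\0" on fd 3; argv[1] runs on success.

# run_checkpassword CHECKER REPLY USER PASS -> exit status of the chain
run_checkpassword() {
    printf '%s\000%s\000%s\000' "$3" "$4" "$(date +%s)" |
        "$1" "$2" 3<&0 </dev/null
}

# Status meanings defined by the checkpassword interface. On success the
# status is whatever the reply program returns (0 for the stub below).
explain_status() {
    case $1 in
        0)   echo accepted ;;
        1)   echo rejected ;;
        2)   echo misused ;;
        111) echo tempfail ;;
        *)   echo "unexpected:$1" ;;
    esac
}

# Constructed stand-ins for vmailmgrwrapper and vmailmgr-reply, so the
# example runs offline. They accept exactly one hard-coded test account.
make_stubs() {
    cat >"$1/checker" <<'EOF'
#!/bin/sh
[ $# -ge 1 ] || exit 2
creds=$(tr '\000' '\n' <&3) || exit 111
user=$(printf '%s\n' "$creds" | sed -n 1p)
pass=$(printf '%s\n' "$creds" | sed -n 2p)
[ "$user" = "user@example.test" ] && [ "$pass" = "constructed-pass" ] || exit 1
exec "$1"
EOF
    printf '#!/bin/sh\nexit 0\n' >"$1/reply"
    chmod 700 "$1/checker" "$1/reply"
}

# try CHECKER REPLY USER PASS -> prints the decoded result
try() {
    st=0
    run_checkpassword "$@" || st=$?
    explain_status "$st"
}

tmp=$(mktemp -d) && make_stubs "$tmp"
try "$tmp/checker" "$tmp/reply" user@example.test constructed-pass  # accepted
try "$tmp/checker" "$tmp/reply" user@example.test wrong-pass        # rejected
rm -rf "$tmp"
```

To test an installed setup, pass the real wrapper as CHECKER; the real reply program may expect descriptors that only dovecot provides, so a stub reply is the safer second argument.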