Chapter 37 - The dovecot authenticator
This authenticator is an interface to the authentication facility of the Dovecot 2 POP/IMAP server, which can support a number of authentication methods. Note that Dovecot must be configured to use auth-client not auth-userdb. If you are using Dovecot to authenticate POP/IMAP clients, it might be helpful to use the same mechanisms for SMTP authentication. This is a server authenticator only. There is only one option:
server_socket | Use: dovecot | Type: string | Default: unset |
This option must specify the UNIX socket that is the interface to Dovecot authentication. The public_name option must specify an authentication mechanism that Dovecot is configured to support. You can have several authenticators for different mechanisms. For example:
dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 dovecot_ntlm: driver = dovecot public_name = NTLM server_socket = /var/run/dovecot/auth-client server_set_id = $auth1
If the SMTP connection is encrypted, or if $sender_host_address is equal to $received_ip_address (that is, the connection is local), the “secured” option is passed in the Dovecot authentication command. If, for a TLS connection, a client certificate has been verified, the “valid-client-cert” option is passed. When authentication succeeds, the identity of the user who authenticated is placed in $auth1.
The Dovecot configuration to match the above will look something like:
conf.d/10-master.conf :- service auth { ... #SASL unix_listener auth-client { mode = 0660 user = mail } ... } conf.d/10-auth.conf :- auth_mechanisms = plain login ntlm