From owner-freebsd-questions  Wed Jul  4  2: 6:54 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from gahch.it.ca (gahch.it.ca [216.126.86.4])
	by hub.freebsd.org (Postfix) with ESMTP id C2C6D37B403
	for <freebsd-questions@freebsd.org>; Wed,  4 Jul 2001 02:06:50 -0700 (PDT)
	(envelope-from paul@gahch.it.ca)
Received: (from paul@localhost)
	by gahch.it.ca (8.11.3/8.11.1) id f64965J13331
	for freebsd-questions@freebsd.org; Wed, 4 Jul 2001 05:06:05 -0400 (EDT)
	(envelope-from paul)
Date: Wed, 4 Jul 2001 05:06:05 -0400
From: Paul Chvostek <paul@it.ca>
To: freebsd-questions@freebsd.org
Subject: pam_radius username munging for pop3/imap?
Message-ID: <20010704050605.P31735@gahch.it.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


Heya.

I have no trouble using PAM to authenticate normal POP3/IMAP logins, but
how do I deal with a realm under pam_radius?  Or more to the point, is
there any way for me to set up some sort of translation of realm to local
username, so that realm support doesn't have to be built into the POP3
and IMAP source itself?

The situation is that I'm trying to migrate from an old server to a new
one....  The old server has an old hacked-up version of imap-uw that
knows how to translate a username "user@foobar.com" to "fb-user" and
check the password for the translated username.  The password file has
all the users for foobar.com with "fb-" in fron of 'em, and users can
use their email address as a POP3 login name.  There's a text file that
lists the translations between domains/realms and prefixes, and imapd
and ipop3d do their magic with putenv() and getenv().

I'm trying to duplicate the hack without having to re-apply it to
current UW sources, which are ugly and no fun to play in.  An ideal
solution would probably be a pam_radius parameter which could call an
external program that would translate an authenticated username into a
local account name.

Anybody have a quick fix?  Alternately, can anyone advise as to an
appropriate approach to this problem?  I'm having trouble thinking of
anything elegant.

Thanks.

-- 
  Paul Chvostek                                             <paul@it.ca>
  Operations / Development / Abuse / Whatever       vox: +1 416 598-0000
  IT Canada                                            http://www.it.ca/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message