Hello, I have a problem, i have a ISPConfig system installed with postfix. When i then add a mail user with username web4_jonas and E-Mail [email protected] , i try to login at outlook, but here is my problem , the login username is web4_jonas and not the email adress. My question is, is there a way to change this so my users can login with their E-Mail and not the web4_**** username? Thank you Kind regards Jonas H. Schwartz
There is another thread http://www.howtoforge.com/forums/showthread.php?t=2905 But ISPConfig is designed to use prefixes to usernames, not suffixes, also @ is not allowed in a unix username. I personally would not do such low level hacks. Then better choose a control panel which supports virtual users officially. ** edit by edge. Please send a PM to the person about the part that I removed here.
I have done some little hacking to the PAM module of Courier-Authdaemon so that it also accepts email addresses as authentication for getting mails. Actually it uses the postfix virtusertable created by ISPconfig as lookup table from email address to system account. (Of course using the system user names still works too) (I guess when it gets very big, it would be better not to use the text file but the db instead...) Here is the diff Code: --- courier-authlib-0.58/authpam.c 2005-12-09 00:15:55.000000000 +0100 +++ authpam.c 2007-09-03 01:14:38.000000000 +0200 @@ -27,6 +27,10 @@ #include <Pam/pam_appl.h> #endif +#include <fcntl.h> +#include <unistd.h> + + static const char rcsid[]="$Id: authpam.c,v 1.22 2005/12/08 23:15:55 mrsam Exp $"; static const char *pam_username, *pam_password, *pam_service; @@ -302,6 +306,48 @@ pam_service=service; + + FILE *infile; + char line[256]; + memset(&line, 0, sizeof(line)); + char token[256]; + memset(&token, 0, sizeof(token)); + size_t length; + short done=0; + + int fd = open("/etc/postfix/virtusertable", O_RDONLY); + if (fd == -1) { + // ERROR + return (1); + } + fcntl(fd, F_SETFD, FD_CLOEXEC); + + infile = fdopen(fd, "r"); + while( fgets(line, sizeof(line), infile) != NULL ) { + if (done>0) + break; + if (line[0]=='#') + continue; + strcpy(token, strtok(line, " ")); + while (token != NULL) { + if (strcmp(pam_username, token) != 0) // does NOT match + break; + strcpy(token, strtok(NULL, " ")); + if (token!=NULL) { + length = strlen(token); + if (length>0 && token[length-1] == '\n') { + token[length-1]= '\0'; + done++; + } + } + } + } + close(fd); + + if (done>0) + strcpy(pam_username, token); + + ci.callback_func=callback_func; ci.callback_arg=callback_arg; return auth_pam_pre(pam_username, service, &callback_pam, &ci); I also have the library compiled for IA32 (I use Debian Etch) here www.roth.lu/libauthpam.so.0.0.0 Code: #ldd libauthpam.so.0.0.0 linux-gate.so.1 => (0xffffe000) libpam.so.0 => /lib/libpam.so.0 (0xb7f4d000) libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f49000) libcourierauthcommon.so.0 => /usr/lib/courier-authlib/libcourierauthcommon.so.0 (0xb7f45000) libc.so.6 => /lib/tls/libc.so.6 (0xb7e13000) /lib/ld-linux.so.2 (0x80000000) libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7de5000) libcourierauth.so.0 => /usr/lib/courier-authlib/libcourierauth.so.0 (0xb7dda000) I assume no responsibilty if this fails at some point in the future but for now it seems to work well! have fun
Ehm.. maybe someone could also move this thread from "Linux Forums" to ISPConfig -> Installation/Configuration?
Hey jmroth, sounds really nice, i just have one question, where did you put this code.. Thank you very much
Its all in there, you just have to read it (BTW it would be even cooler to put this hack directly into PAM, not into Courier, maybe I'll do that later )
BTW I tested this code a little and it produces problems. Probably memory leaks or some other resource issues. So I would not recommend you use it. However if you clean it up, let me know
I wrote a tutorial on doing it, assuming you are using postfix+courier http://www.howtoforge.com/forums/showpost.php?p=86392&postcount=16 With my method users can login with either their "web##_name", or any of their associated email addresses. And there's no hacking the auth programs. And it uses a db for all its lookups, so it should work well even with a significant number of accounts.
