On 2012/09/22 11:20, Alexander Hall wrote:
> On 09/21/12 23:12, Stuart Henderson wrote:
> >On 2012/09/21 03:09, Alexander Hall wrote:
> >>This is annoying, as it requires you to set auth=... and then explicitly
> >>close any services you don't want to expose, like "auth-ssh=" etc.
> >>Obviously, this could very well lead to an incomplete list of disabled
> >>services, causing all sorts of discomfort for the user and/or system
> >>administrator.
> >
> >With the example it makes a lot more sense, however I think this ought
> >to go upstream so it can be documented in the wiki, this way of using
> >login.conf is new to me and I suspect quite a few other people.
> >Now I know what it's for, I certainly wouldn't object to adding it
> >as a patch once it's in upstream.
>
> I am not one of the people living in the unix world since the epoch,
> but I'd say this is how it's supposed to be used. So documenting it
> in detail in every place using bsd auth is maybe not the way to go.
> Now, we're talking about the specific documentation of dovecot, so
> I'd guess it could make sense there.

http://wiki2.dovecot.org/PasswordDatabase/PAM talks about how to do
this for PAM, so http://wiki2.dovecot.org/PasswordDatabase/BSDAuth
could use something equivalent. Actually their use of "args" in PAM
might be worth borrowing?

> Anyway, would we need a patch if it's in upstream? Or do you mean it
> gets in in the trunk but not in the version we're having?

Exactly, I don't think we would need to wait for a new release to pull
this in.