radicale-dovecot-auth
Passing the remote ip in auth request
Info: CentOS 7.8.2003, postfix 2.10.1, dovecot 2.2.36, radicale 3.0.3
I've been trying radicale in a test server, but I can't get the auth to work. After bashing my head for a while it dawned on me to enable auth_debug in dovecot, and I finally realized why it doesn't work.
I have it set up so that only some users can connect outside of the local network (defined in /etc/dovecot/remote_users). If they're not found there then it tries pam, but the issue is that it needs the remote ip to work (allow_nets=127.0.0.0/8,192.168.1.0/24). Since radicale doesn't provide it, it fails.
Is there a way to pass the remote ip to dovecot?
dovecot log
auth: Debug: pam(test_user): allow_nets: Matching for network 127.0.0.0/8
auth: Debug: pam(test_user): allow_nets: Matching for network 192.168.1.0/24
auth: pam(test_user): allow_nets check failed: Remote IP not known and 'local' missing
dovecot config
passdb {
  driver = passwd-file
  args = username_format=%Ln /etc/dovecot/remote_users
}
passdb {
  driver = pam
  override_fields = allow_nets=127.0.0.0/8,192.168.1.0/24
  skip = authenticated
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  unix_listener auth-client {
    path = /var/run/radicale/auth
    mode = 0660
    user = radicale
    group = postfix
  }
}
radicale config
[auth]
type = radicale_dovecot_auth
auth_socket = /var/run/radicale/auth
I think it might be possible to communicate the IP to dovecot, but I think radicale does not expose that kind of information to auth plugins.
Ah that's too bad. I have switched to apache doing the authorization with mod_authnz_external and doveadm auth. Thanks for the reply.
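For reference, this is what carrying the remote IP looks like on the wire: in Dovecot's auth client protocol the AUTH line takes a `rip=` parameter, which is the value `allow_nets` matches against. The sketch below is an added example, not code from radicale or the radicale_dovecot_auth plugin; the function names, the `service=radicale` value and the sample address are assumptions, and it presumes the caller has already obtained the client address.

```python
import base64
import ipaddress


def build_auth_request(req_id, user, password, remote_ip, service="radicale"):
    """Return one AUTH line of the Dovecot auth client protocol, including rip=."""
    # Parsing the address rejects tabs and newlines, so a client-supplied value
    # cannot smuggle extra tab-separated parameters into the request.
    rip = ipaddress.ip_address(remote_ip)
    if "\0" in user or "\0" in password:
        raise ValueError("NUL is the SASL PLAIN field separator")
    # SASL PLAIN initial response: authzid NUL authcid NUL password
    resp = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    # service is assumed to be a fixed constant chosen by the plugin author.
    fields = ["AUTH", str(int(req_id)), "PLAIN", f"service={service}",
              f"rip={rip}", f"resp={resp}"]  # resp= must be the last field
    return "\t".join(fields) + "\n"


def parse_reply(line):
    """Split an OK/FAIL/CONT reply into (status, request id, parameter dict)."""
    status, req_id, *rest = line.rstrip("\n").split("\t")
    params = dict(p.partition("=")[::2] for p in rest)
    return status, int(req_id), params


if __name__ == "__main__":
    # Constructed sample values, not taken from a real session.
    print(build_auth_request(1, "test_user", "secret", "192.168.1.20"), end="")
    print(parse_reply("FAIL\t1\tuser=test_user\n"))
```

Because `allow_nets` is an access control, the address passed as `rip=` has to come from the TCP connection or from a reverse proxy that is trusted to set it, never from a header the client controls.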