API tools faq
paste
Advertisement
SipriusPT

10-auth.conf

SipriusPT
Jan 19th, 2017
411
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.35 KB | None | 0 0
raw download clone embed print report
  1. ##
  2. ## Authentication processes
  3. ##
  4. ## Version 2.2.x (AR14759611)
  5.  
  6. # --------------------------------------------------------------------
  7. # *** Please read this section before modifying this file ***
  8. #
  9. # Several of the keys and values within this file are modified by
  10. # Apple's Server Admin application. Each key that is automatically
  11. # modified by the Server Admin app is identified with a comment
  12. # preceding the key with this note:
  13. #
  14. # Note: This key is managed by Server Admin. See above before making changes
  15. #
  16. # --------------------------------------------------------------------
  17.  
  18. # Disable LOGIN command and all other plaintext authentications unless
  19. # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
  20. # matches the local IP (ie. you're connecting from the same computer), the
  21. # connection is considered secure and plaintext authentication is allowed.
  22. # See also ssl=required setting.
  23.  
  24. # By default cames with yes
  25. disable_plaintext_auth = no
  26.  
  27. # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
  28. # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
  29. #auth_cache_size = 0
  30. # Time to live for cached data. After TTL expires the cached record is no
  31. # longer used, *except* if the main database lookup returns internal failure.
  32. # We also try to handle password changes automatically: If user's previous
  33. # authentication was successful, but this one wasn't, the cache isn't used.
  34. # For now this works only with plaintext authentication.
  35. #auth_cache_ttl = 1 hour
  36. # TTL for negative hits (user not found, password mismatch).
  37. # 0 disables caching them completely.
  38. #auth_cache_negative_ttl = 1 hour
  39.  
  40. # Space separated list of realms for SASL authentication mechanisms that need
  41. # them. You can leave it empty if you don't want to support multiple realms.
  42. # Many clients simply use the first one listed here, so keep the default realm
  43. # first.
  44. # Note: This key is managed by Server Admin. See above before making changes
  45. auth_realms = x-Mac-Pro.local
  46.  
  47. # Default realm/domain to use if none was specified. This is used for both
  48. # SASL realms and appending @domain to username in plaintext logins.
  49. #auth_default_realm =
  50.  
  51. # List of allowed characters in username. If the user-given username contains
  52. # a character not listed in here, the login automatically fails. This is just
  53. # an extra check to make sure user can't exploit any potential quote escaping
  54. # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
  55. # set this value to empty.
  56. #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
  57.  
  58. # Username character translations before it's looked up from databases. The
  59. # value contains series of from -> to characters. For example "#@/@" means
  60. # that '#' and '/' characters are translated to '@'.
  61. #auth_username_translation =
  62.  
  63. # Username formatting before it's looked up from databases. You can use
  64. # the standard variables here, eg. %Lu would lowercase the username, %n would
  65. # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
  66. # "-AT-". This translation is done after auth_username_translation changes.
  67. auth_username_format = %n
  68.  
  69. # If you want to allow master users to log in by specifying the master
  70. # username within the normal username string (ie. not using SASL mechanism's
  71. # support for it), you can specify the separator character here. The format
  72. # is then <username><separator><master username>. UW-IMAP uses "*" as the
  73. # separator, so that could be a good choice.
  74. #auth_master_user_separator =
  75.  
  76. # Username to use for users logging in with ANONYMOUS SASL mechanism
  77. #auth_anonymous_username = anonymous
  78.  
  79. # Maximum number of dovecot-auth worker processes. They're used to execute
  80. # blocking passdb and userdb queries (eg. MySQL and PAM). They're
  81. # automatically created and destroyed as needed.
  82. #auth_worker_max_count = 30
  83.  
  84. # Host name to use in GSSAPI principal names. The default is to use the
  85. # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
  86. # entries.
  87. # Note: This key is managed by Server Admin. See above before making changes
  88. auth_gssapi_hostname = "$ALL"
  89.  
  90. # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
  91. # default (usually /etc/krb5.keytab) if not specified. You may need to change
  92. # the auth service to run as root to be able to read this file.
  93. #auth_krb5_keytab =
  94.  
  95. # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
  96. # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
  97. #auth_use_winbind = no
  98.  
  99. # Path for Samba's ntlm_auth helper binary.
  100. #auth_winbind_helper_path = /usr/bin/ntlm_auth
  101.  
  102. # Time to delay before replying to failed authentications.
  103. #auth_failure_delay = 2 secs
  104.  
  105. # Require a valid SSL client certificate or the authentication fails.
  106. # Note: This key is managed by Server Admin. See above before making changes
  107. #auth_ssl_require_client_cert = no
  108.  
  109. # Take the username from client's SSL certificate, using
  110. # X509_NAME_get_text_by_NID() which returns the subject's DN's
  111. # CommonName.
  112. # Note: This key is managed by Server Admin. See above before making changes
  113. #auth_ssl_username_from_cert = no
  114.  
  115. # Space separated list of wanted authentication mechanisms:
  116. # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
  117. # gss-spnego
  118. # NOTE: See also disable_plaintext_auth setting.
  119.  
  120. #auth_mechanisms = digest-md5 cram-md5 gssapi apop
  121. auth_mechanisms = digest-md5 cram-md5 gssapi plain
  122.  
  123. ##
  124. ## Password and user databases
  125. ##
  126.  
  127. #
  128. # Password database is used to verify user's password (and nothing more).
  129. # You can have multiple passdbs and userdbs. This is useful if you want to
  130. # allow both system users (/etc/passwd) and virtual users to login without
  131. # duplicating the system users into virtual database.
  132. #
  133. # <doc/wiki/PasswordDatabase.txt>
  134. #
  135. # User database specifies where mails are located and what user/group IDs
  136. # own them. For single-UID configuration use "static" userdb.
  137. #
  138. # <doc/wiki/UserDatabase.txt>
  139.  
  140. #!include auth-deny.conf.ext
  141. #!include auth-master.conf.ext
  142.  
  143. #!include auth-system.conf.ext
  144. #!include auth-sql.conf.ext
  145. #!include auth-ldap.conf.ext
  146. !include auth-od.conf.ext
  147. !include auth-submit.conf.ext
  148. #!include auth-passwdfile.conf.ext
  149. #!include auth-checkpassword.conf.ext
  150. #!include auth-vpopmail.conf.ext
  151. #!include auth-static.conf.ext
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!