X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=conf.d%2F10-auth.conf;h=35679795197d28ea7d547c80f507f296201fbfeb;hb=6693b71c663930e35c2df3c6b368731694ee80ba;hp=d08f3453511da807fe9f608407962b5c7fe866f1;hpb=0637072e2f3a9898a6166b344587d9663f8ba632;p=sysconfig%2Fdovecot.git

diff --git a/conf.d/10-auth.conf b/conf.d/10-auth.conf
index d08f345..3567979 100644
--- a/conf.d/10-auth.conf
+++ b/conf.d/10-auth.conf
@@ -6,6 +6,7 @@
 # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
+# See also ssl=required setting.
 #disable_plaintext_auth = yes
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
@@ -36,7 +37,7 @@
 # an extra check to make sure user can't exploit any potential quote escaping
 # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
 # set this value to empty.
-#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/
 
 # Username character translations before it's looked up from databases. The
 # value contains series of from -> to characters. For example "#@/@" means
@@ -47,7 +48,7 @@
 # the standard variables here, eg. %Lu would lowercase the username, %n would
 # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
 # "-AT-". This translation is done after auth_username_translation changes.
-#auth_username_format =
+#auth_username_format = %Lu
 
 # If you want to allow master users to log in by specifying the master
 # username within the normal username string (ie. not using SASL mechanism's
@@ -72,7 +73,7 @@
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
 # default (usually /etc/krb5.keytab) if not specified. You may need to change
 # the auth service to run as root to be able to read this file.
-#auth_krb5_keytab = 
+auth_krb5_keytab = /etc/dovecot/olinda.keytab
 
 # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
 # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
@@ -96,7 +97,7 @@
 #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
 #   gss-spnego
 # NOTE: See also disable_plaintext_auth setting.
-auth_mechanisms = plain
+auth_mechanisms = plain login gssapi
 
 ##
 ## Password and user databases