X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=conf.d%2F10-auth.conf;h=35679795197d28ea7d547c80f507f296201fbfeb;hb=b63bdb0e48a0fe03d37b84d09c996ba3dceeac6c;hp=beb6f73e693ca8fc7c0d0274f3f2c2270f1e0de2;hpb=62ea0507cc0ec50bc085ff8a5ae6fc5e1ff8314f;p=sysconfig%2Fdovecot.git

diff --git a/conf.d/10-auth.conf b/conf.d/10-auth.conf
index beb6f73..3567979 100644
--- a/conf.d/10-auth.conf
+++ b/conf.d/10-auth.conf
@@ -6,6 +6,7 @@
 # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
+# See also ssl=required setting.
 #disable_plaintext_auth = yes
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
@@ -36,7 +37,7 @@
 # an extra check to make sure user can't exploit any potential quote escaping
 # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
 # set this value to empty.
-#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/
 
 # Username character translations before it's looked up from databases. The
 # value contains series of from -> to characters. For example "#@/@" means
@@ -47,7 +48,7 @@
 # the standard variables here, eg. %Lu would lowercase the username, %n would
 # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
 # "-AT-". This translation is done after auth_username_translation changes.
-#auth_username_format =
+#auth_username_format = %Lu
 
 # If you want to allow master users to log in by specifying the master
 # username within the normal username string (ie. not using SASL mechanism's
@@ -72,7 +73,7 @@
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
 # default (usually /etc/krb5.keytab) if not specified. You may need to change
 # the auth service to run as root to be able to read this file.
-auth_krb5_keytab = /etc/dovecot/imap.keytab
+auth_krb5_keytab = /etc/dovecot/olinda.keytab
 
 # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
 # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
@@ -96,7 +97,7 @@ auth_krb5_keytab = /etc/dovecot/imap.keytab
 #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
 #   gss-spnego
 # NOTE: See also disable_plaintext_auth setting.
-auth_mechanisms = plain gssapi
+auth_mechanisms = plain login gssapi
 
 ##
 ## Password and user databases