summaryrefslogtreecommitdiffstats
path: root/doc/wiki/Authentication.Mechanisms.Winbind.txt
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 17:36:47 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 17:36:47 +0000
commit0441d265f2bb9da249c7abf333f0f771fadb4ab5 (patch)
tree3f3789daa2f6db22da6e55e92bee0062a7d613fe /doc/wiki/Authentication.Mechanisms.Winbind.txt
parentInitial commit. (diff)
downloaddovecot-0441d265f2bb9da249c7abf333f0f771fadb4ab5.tar.xz
dovecot-0441d265f2bb9da249c7abf333f0f771fadb4ab5.zip
Adding upstream version 1:2.3.21+dfsg1.upstream/1%2.3.21+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--doc/wiki/Authentication.Mechanisms.Winbind.txt35
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/wiki/Authentication.Mechanisms.Winbind.txt b/doc/wiki/Authentication.Mechanisms.Winbind.txt
new file mode 100644
index 0000000..256a54d
--- /dev/null
+++ b/doc/wiki/Authentication.Mechanisms.Winbind.txt
@@ -0,0 +1,35 @@
+Winbind mechanisms
+==================
+
+Dovecot supports NTLM and GSS-SPNEGO authentication mechanisms using Samba
+[http://www.samba.org]'s winbind daemon. It is useful when you need to
+authenticate users against a Windows domain (either AD or NT).
+
+By default NTLM mechanism is handled internally. You can use winbind instead by
+setting:
+
+---%<-------------------------------------------------------------------------
+auth_use_winbind = yes
+---%<-------------------------------------------------------------------------
+
+The usernames, returned by winbind, can contain some domain part (either
+"DOMAIN\user" or "user@example.com"). Such usernames are always transformed to
+the form of "user@domain". To strip domain part (to obtain corresponding local
+username, for example), set:
+
+---%<-------------------------------------------------------------------------
+auth_username_format = %n
+---%<-------------------------------------------------------------------------
+
+Dovecot needs path to Samba's 'ntlm_auth' binary to perform the authentication.
+You can change the path with:
+
+---%<-------------------------------------------------------------------------
+auth_winbind_helper_path = /usr/bin/ntlm_auth
+---%<-------------------------------------------------------------------------
+
+Dovecot currently does blocking lookups, so if 'ntlm_auth' is slow on
+responding (e.g. network problems), Dovecot blocks all other authentication
+requests until it's finished.
+
+(This file was created from the wiki on 2019-06-19 12:42)