squirrelmail virtual username solution proposal

[sfrank]

hi everyone.

digging the mail archive and the forum i realized that many of us prefer squirrelmail as the webmail option to provide easy access to our customers to their mails using their browsers. i also realized that at this moment ISPConfig developers are way too busy to develop support to squirrelmail in a form so that users don't need to use their 'ugly' web[WEBID]-user format username but username@domain.tld format.

giving it some time i thought of an idea of creating a pam module which translates user@domain.tld according to postfix's virtualuser.db database to real username's with which the client can be authenticated.

please (ISPConfig developers) let me know if there's need for such a feature. i'd not like to work in parallel with you guys.

thanks.
frank

ps: the reason i'm not thinking of writing a squirrelmail auth plugin because in the pam module case other services can make use of this method, such as ftp or imap/pop daemons.

[sfrank]

even better. i have not looked at the mysql database of ISPConfig yet, but if we can keep all the info in mysql (username, password, shell, home dir, etc) leaving /etc/passwd intact we could easily use mysql pam module so none of the existing apps would need to know where they are getting the auth info from.

was this idea already inspected and discarded for performance reasons or other?

[falko]

Quote:

Originally Posted by sfrank

even better. i have not looked at the mysql database of ISPConfig yet, but if we can keep all the info in mysql (username, password, shell, home dir, etc) leaving /etc/passwd intact we could easily use mysql pam module so none of the existing apps would need to know where they are getting the auth info from.

was this idea already inspected and discarded for performance reasons or other?

The passwords aren't stored in the ISPConfig database, they are in /etc/shadow, that's why this solution won't work.

[sfrank]

Quote:

Originally Posted by falko

The passwords aren't stored in the ISPConfig database, they are in /etc/shadow, that's why this solution won't work.

Any intentions to make it that way in future releases? It'd not be difficult to write a script which copies/moves the already existing user info into the database if an upgrade occures.

But again, if for any reasons you're not a fan of such a solution I accept that. Shall I ask you to comment my first post in this topic too?

Thx in advance.
Frank

[till]

Quote:

Originally Posted by sfrank

even better. i have not looked at the mysql database of ISPConfig yet, but if we can keep all the info in mysql (username, password, shell, home dir, etc) leaving /etc/passwd intact we could easily use mysql pam module so none of the existing apps would need to know where they are getting the auth info from.

was this idea already inspected and discarded for performance reasons or other?

We have chosen to not store the passwords in mySQL for security reasons.

Also if you keep the passwords in two places you might get problems with synchronization if a password is changed on the shell.

If storing the passwords in DB can be disabled, it will be fine to have a additional PAM module for accessing the data from squirrelmail and other applications.