Open f1-outsourcing opened 5 years ago
jrse
commented
5 years ago This depends on your dovecot configuration I think. Imap/pop3/lmtp/smtp process opens the ceph connection. So the user configured for this processes needs access to the ceph config and keyfiles.
jrse
commented
5 years ago i checked again. We only tested the plugin with virtual users. Currently we are opening the ceph connection as late as possible to save resources. It may be possible to move the open connection forward e.g. to the plugin init function. With some luck this could allow us to read the ceph certificate and configuration with the dovecot user. But this is untried yet.
I have noticed that not the dovecot user, but all user accounts need to have access to the ceph.client.mail.keyring. Thus when I was testing with user test, test needed to have read access to the keyring file. I am not sure this is a desirable situation. I would prefer that the access to this file is limited to eg the dovecot user.