[BlueOnyx:25626] Re: Mail server problem with Outlook
Michael Stauber
mstauber at blueonyx.it
Tue Sep 20 17:53:16 -05 2022
Hi Ken,
> On a server that just does email, there's no reason that a username can't be pretty much whatever you want; @ is just another character.
All authentication services on an RHEL box (and clones) use PAM
(Pluggable Authentication Mechanism), which ties into the user and
password authentication mechanism (/etc/passwd, /etc/shadow).
And /etc/passwd has usernames, not email addresses.
The email addresses are stored in the MTA (Postfix, Sendmail, whatever)
configuration files and there you actually have a mapping, where the
email addresses are mapped to individual Linux usernames.
That way: When email comes in, the MTA has a way to do lookups to see
which Linux user the email is supposed to go to.
So allowing the email address as authorization token (instead of the
Linux username) is an added layer of unnecessary complexity. Because now
we can't just ask PAM directly, but have to query the MTA for the Linux
username and then stuff that into PAM.
So sure, it can be done. But it makes nothing easier or better or more
secure. /shrug
--
With best regards
Michael Stauber
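
The extra lookup step described in the message above (email address to Linux username, and only then PAM), as an added example that is not part of the original post and not BlueOnyx code. It assumes a Postfix virtual(5)-style table of "address destination" lines; the function names, addresses and file contents are constructed for illustration.

```python
# Constructed sample data: a virtual(5)-style alias table and an /etc/passwd excerpt.
VIRTUAL_MAP = """\
# address              destination(s)
ken@example.com        ken
alice@example.com      alice
sales@example.com      ken, alice
bob@example.com        bob@other.example.net
ghost@example.com      ghost
"""

PASSWD = """\
ken:x:1001:1001::/home/ken:/sbin/nologin
alice:x:1002:1002::/home/alice:/sbin/nologin
"""


def parse_virtual(text):
    """Return {lowercased address: [destinations]} from the alias table."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, rhs = line.split(None, 1)
        # Destinations may be separated by commas and/or whitespace.
        table[address.lower()] = rhs.replace(",", " ").split()
    return table


def passwd_users(text):
    """Return the set of usernames (first field) from passwd-format text."""
    return {l.split(":", 1)[0] for l in text.splitlines() if l.strip()}


def resolve_login(login, table, users):
    """Return the one local account to hand to PAM, or None if there is none."""
    if "@" not in login:
        return login if login in users else None   # plain username: no MTA lookup
    dests = table.get(login.lower(), [])            # addresses matched case-insensitively
    if len(dests) != 1:
        return None    # unknown address, or an alias that fans out to several users
    dest = dests[0]
    if "@" in dest or dest not in users:
        return None    # forwarded off-box, or a stale entry with no local account
    return dest


TABLE = parse_virtual(VIRTUAL_MAP)
USERS = passwd_users(PASSWD)
```

Every `None` branch is a case that does not exist when the client simply sends the Linux username.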