diff --git a/data/settings.js b/data/settings.js index 68f522397..21e121206 100644 --- a/data/settings.js +++ b/data/settings.js @@ -10093,7 +10093,6 @@ auth_ssl_require_client_cert = yes }, ssl_cert_file: { - default: ' dovecot.conf * Usually it does not matter in which file you write the setting. You only need to be aware that later settings replace earlier ones. If you use the same section multiple times, the settings are merged together. -* To read the content of a file, for instance for the SSL certificate option, - prefix the filename with a `<`, e.g.: - -```[dovecot.conf] -ssl_cert_file = /etc/ssl/certs/imap.pem -``` ## Authentication -By default, Dovecot is setup to use system user authentication. -You'll probably be using PAM authentication. See the page [[link,auth_pam]] -for how to configure it. +The above example configures Dovecot to use PAM for system user authentication. +See [[link,auth_pam]] for how to configure it. A typical configuration with Linux would be to create `/etc/pam.d/dovecot` which contains: @@ -127,8 +120,8 @@ Later when you know Dovecot is working, you can do it differently (see Run as your own non-root user: ```sh -echo "$USER:{PLAIN}password:$UID:$GID::$HOME" > users -sudo mv users /etc/dovecot/ +echo "$USER:{PLAIN}password" > passwd +sudo mv passwd /etc/dovecot/ # If SELinux is enabled: restorecon -v /etc/dovecot/users @@ -139,21 +132,17 @@ wish to use, but don't use any important password here as we'll be logging in with insecure plaintext authentication until [[link,ssl]] is configured. -Switch to passwd-file authentication by adding to `dovecot.conf`: +Switch to passwd-file authentication by replacing `passdb pam` in +`dovecot.conf` with `passdb passwd-file`: ``` passdb passwd-file { - default_password_scheme = CRYPT - passwd_file_path = /etc/dovecot/users -} - -userdb passwd-file { - passwd_file_path = /etc/dovecot/users + passwd_file_path = /etc/dovecot/passwd } ``` -Verify with `doveconf -n passdb userdb` that the output looks like -above (and there are no other passdbs or userdbs). +Verify with `doveconf -n passdb` that the output looks like +above (and there are no other passdbs and no userdbs). If you're using something else, see [[link,passdb]] and [[link,userdb]]. @@ -184,10 +173,10 @@ them than the defaults. ## SSL and Plaintext Authentication -If you intend to use SSL, set [[setting,ssl_cert_file]] and -[[setting,ssl_key_file]] settings. Otherwise set [[setting,ssl,no]]. +Configure SSL certificate and private key paths with [[setting,ssl_cert_file]] +and [[setting,ssl_key_file]] settings. -Easiest way to get SSL certificates built is to use Dovecot's +An easy way to build a self-signed test certificate is using Dovecot's `doc/mkcert.sh` script. For more information see [[link,ssl_configuration]]. By default [[setting,auth_allow_cleartext,no]], which means that Dovecot diff --git a/docs/core/man/doveconf.1.md b/docs/core/man/doveconf.1.md index a4a9d247e..a9652e361 100644 --- a/docs/core/man/doveconf.1.md +++ b/docs/core/man/doveconf.1.md @@ -94,7 +94,7 @@ configuration in easy human readable output. **-x** : Expand configuration variables (e.g. `$ENV:foo`) and show file contents - (from e.g. `ssl_cert = \