From b3bfc79c1247946452c24dff302a654d260d4320 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Wed, 18 Sep 2024 14:23:06 +0300
Subject: [PATCH 1/2] kerberos: Remove duplicate wrong auth_mechanisms setting

---
 docs/core/config/auth/mechanisms/kerberos.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/core/config/auth/mechanisms/kerberos.md b/docs/core/config/auth/mechanisms/kerberos.md
index 1169461c8..dec485bd5 100644
--- a/docs/core/config/auth/mechanisms/kerberos.md
+++ b/docs/core/config/auth/mechanisms/kerberos.md
@@ -116,7 +116,6 @@ ticket-based authentication, you will need something like:
 ```[dovecot.conf]
 auth_mechanisms = plain login gssapi
 auth_gssapi_hostname = "$ALL"
-auth_mechanisms = gssapi
 auth_krb5_keytab = /etc/dovecot/dovecot.keytab
 
 passdb pam {

From dcd11a2b1508f27e601e27722047a3eef8e83557 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Wed, 18 Sep 2024 14:24:31 +0300
Subject: [PATCH 2/2] Rename passdb_mechanisms to passdb_mechamisms_filter and
 "none" value to "lookup"

---
 data/settings.js                          | 8 ++++----
 data/updates.js                           | 2 +-
 docs/core/config/auth/databases/oauth2.md | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/settings.js b/data/settings.js
index ec8fa746d..904358610 100644
--- a/data/settings.js
+++ b/data/settings.js
@@ -9098,15 +9098,15 @@ The scheme that passwords are in the passdb, unless overridden by the passdb
 entry (typically by prefixing with \`{SCHEME}\`).`
 	},
 
-	passdb_mechanisms: {
+	passdb_mechanisms_filter: {
 		tags: [ 'passdb' ],
 		added: {
-			settings_passdb_mechanisms_added: false,
+			settings_passdb_mechanisms_filter_added: false,
 		},
 		values: setting_types.BOOLLIST,
 		text: `
 Skip the passdb if non-empty and the current auth mechanism is not listed here.
-If the value contains \`none\`, it matches for non-authenticating passdb
+If the value contains \`lookup\`, it matches for non-authenticating passdb
 lookups (e.g. lmtp/doveadm lookups).
 
 Example:
@@ -9114,7 +9114,7 @@ Example:
 \`\`\`[dovecot.conf]
 passdb passwd-file {
   driver = passwd-file
-  mechanisms = PLAIN LOGIN
+  mechanisms_filter = PLAIN LOGIN
   # ...
 }
 \`\`\``
diff --git a/data/updates.js b/data/updates.js
index c11a1d94c..2a89e3e31 100644
--- a/data/updates.js
+++ b/data/updates.js
@@ -135,7 +135,7 @@ export const updates = {
 	settings_mail_lua_added: '2.4.0',
 	settings_mailbox_special_use_changed: '2.4.0',
 	settings_metric_fields_changed: '2.4.0',
-	settings_passdb_mechanisms_added: '2.2.30',
+	settings_passdb_mechanisms_filter_added: '2.4.0',
 	settings_passdb_static_password_added: '2.4.0',
 	settings_passdb_username_filter_added: '2.2.30',
 	settings_service_idle_kill_changed: '2.3.21',
diff --git a/docs/core/config/auth/databases/oauth2.md b/docs/core/config/auth/databases/oauth2.md
index 932488d39..578e0f473 100644
--- a/docs/core/config/auth/databases/oauth2.md
+++ b/docs/core/config/auth/databases/oauth2.md
@@ -137,7 +137,7 @@ oauth2 {
 }
 
 passdb oauth2 {
-  mechanisms = plain login
+  mechanisms_filter = plain login
   oauth2 {
     # inherit common oauth2 settings from the global scope
     grant_url = http://localhost:8000/token