Re: Restrict IMAP usage to certain hosts

• Previous message: Andrew Morgan: "RE: intergrate cyrus and postfix"
• Maybe in reply to: Bart Boelaert: "Restrict IMAP usage to certain hosts"
• Next in thread: Edward Rudd: "Re: Restrict IMAP usage to certain hosts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

Frankly, I'd ask you to justify having to meet both conditions.
If they can use Webmail, why not let them use a "real" client?
That's what we do here at NCSU.

That said, since you say you can meet condition 1, You might
create a proxy user who does all logins from the Webmail service.
Users would/should still have to authenticate to Webmail. After they
do that the proxy user actually logs in to the IMAP server. This would
probably take some work writing code on the webmail side of things
though in order to make sure users don't do things to other users.
Unless of course a webmail client already supports doing this.

Regards,
Earl Shannon

Bart Boelaert wrote:
> Hello all,
>
> Cyrus IMAP relies on Cyrus SASL for authentication purposes. I now want to
> set-up the following configuration :
> 1) Certain users should be allowed IMAP access from any host, all other
> users should use POP3
> 2) IMAP access should be allowed for all users, when they check their e-mail
> via webmail (which retrieves the mail via IMAP). Webmail is installed on a
> web server located near the mail server.
>
> Currently saslauthd uses PAM and PAM connects to a MySQL database in order
> to verify the login credentials. There's also a PAM listfile that
> allows/denies access based on the service and username supplied by saslauthd
> (so, condition 1 is met).
>
> So far, I didn't succeed in meeting condition 2. I already discovered
> (correct me if I'm wrong) that the saslauthd does not pass the remote host
> to PAM. Filtering on the remote host via a listfile would otherwise have
> solved my problem.
>
> Can anyone give me an alternative for meeting both condition 1 and 2?
>
>
> Thanks in advance!
>
>
> Bart.
>
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

-- 
Systems Programmer ,Information Technology Division
NC State University.
http://www.earl.ncsu.edu
Anonymous child "Some people can tell the time by looking at the sun,
		 but I have trouble seeing the numbers."
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

• Previous message: Andrew Morgan: "RE: intergrate cyrus and postfix"
• Maybe in reply to: Bart Boelaert: "Restrict IMAP usage to certain hosts"
• Next in thread: Edward Rudd: "Re: Restrict IMAP usage to certain hosts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]