- Previous message: John Madden: "Re: Migrate all to skiplist?"
- Maybe in reply to: Paul van der Vlis: "Refusing users without a mailbox?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Paul van der Vlis (no email)
Date: Wed Mar 12 2008 - 14:28:38 EDT
Patrick Boutilier schreef:
> Paul van der Vlis wrote:
>> Hello,
>>
>> A customer is using a system with a mailserver and a FTP-server on one
>> machine.
>>
>> Now a FTP-user found out, that he can login with his FTP-username and
>> password into the webmail (Horde/IMP), and send mail.
>>
>> FTP-users do not have a mailbox. Is there a way to make the
>> authentication "not OK" for users without a mailbox?
>> Or only "OK" for users who are member of a group?
>
> You should be able to use pam_require
> (http://www.splitbrain.org/projects/pam_require). Make a group for your
> mail users and put the users in that group. Then configure
> /etc/pam.d/imap (or wherever your pam config is located) to use
> pam_require to require that users that want to log into Cyrus be in that
> group.
It's a good idea and I can do it. But my distribution (Debian) does not
support this pam-module, so I have no security support.
But I found pam_group, part of libpam-modules. This seems to do what I want.
With regards,
Paul van der Vlis.
-- http://www.vandervlis.nl/ ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|