[horde] Refuse users without mailbox
Patrick Boutilier
boutilpj at ednet.ns.ca
Tue Mar 11 10:55:23 UTC 2008
Paul van der Vlis wrote:
> Patrick Boutilier schreef:
>> Paul van der Vlis wrote:
>>> Peter Meier schreef:
>>>> Hi
>>>>
>>>>> A customer has an installation with FTP-users and mail-users on the same
>>>>> authentication mechanism.
>>>>>
>>>>> He don't like the fact that FTP-users can login into Horde, and sent
>>>>> mail with it. FTP-users don't have a mailbox (I am using Cyrus IMAP),
>>>>> but they can login and send mail...
>>>>>
>>>>> Is there a way to refuse users without a mailbox?
>>>> how about using imap for authentication? or is there any need for
>>>> ftp-users to login horde?
>>> I use IMAP for authentication (I use IMP, and IMP uses IMAP). The IMAP
>>> authentication says "OK" for FTP-users, because it's the same user-base.
>>>
>> What is the authentication backend?
>
> In Cyrus IMAP I use saslauthd.
> In saslauthd I use PAM.
> And in PAM I use the traditional Unix authentication mechanism
> (pam_unix.so).
You should be able to use pam_require
(http://www.splitbrain.org/projects/pam_require). Make a group for your
mail users and put the users in that group. Then configure
/etc/pam.d/imap (or wherever your pam config is located) to use
pam_require to require that users that want to log into Cyrus be in that
group.
>
> With regards,
> Paul van der Vlis.
>
>
>
>
More information about the horde
mailing list