[Dovecot] Pam as ip/user based login filter - working.
sysadmin at e-positive.ee
Thu Apr 13 10:42:30 EEST 2006
As I mentioned once, I have a firewall-protected network in which a mail server
(dovecot/postfix) also runs, and every local user with an account can access it. Now I
have some privileged users who also need access from outside, through the firewall:
let the group1 members access mailserver from 0.0.0.0/0
let the group2 members access mailserver from 18.104.22.168/24
group1 members are also members of group2, and logically group1 members should
access the mailserver from every network, including 22.214.171.124/24, and group1 members
should access the mailserver only from the 126.96.36.199/24 network.
So I tried to make this happen with dovecot: I made a separate passwd file and
configured dovecot to use it:
dovecot: Apr 11 13:42:48 Info: auth(default): passwd-file
/etc/dovecot.outusers: Read 2 users
Still connecting from 172.17.25.3 to both accounts worked well so seems the code
So the next step to do it was PAM:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
account required pam_access.so
And it works. Maybe this information is useful for someone.
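
An added example, not part of the original post: a simplified Python model of how pam_access evaluates /etc/security/access.conf rules (first matching rule decides) for the group/network policy described above. The rules, group memberships and addresses (192.0.2.0/24 and the test clients) are constructed placeholders, and it assumes the PAM service receives the client address as the remote host.

```python
import ipaddress

# Constructed rules in access.conf layout: permission : users : origins.
# Group names and 192.0.2.0/24 are placeholders, not the poster's values.
ACCESS_CONF = """
+ : (group1) : ALL
+ : (group2) : 192.0.2.0/24
# everyone else is refused
- : ALL : ALL
"""

# Constructed membership: alice is in both groups, bob only in group2.
GROUPS = {"group1": {"alice"}, "group2": {"alice", "bob"}}


def parse_rules(text):
    """Return (permit, users, origins) tuples, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (field.strip() for field in line.split(":", 2))
        rules.append((perm == "+", users.split(), origins.split()))
    return rules


def user_matches(token, user):
    if token == "ALL":
        return True
    if token.startswith("(") and token.endswith(")"):  # (name) means a group
        return user in GROUPS.get(token[1:-1], set())
    return token == user


def origin_matches(token, rhost):
    if token == "ALL":
        return True
    return ipaddress.ip_address(rhost) in ipaddress.ip_network(token)


def allowed(user, rhost, rules):
    """First matching rule decides; with no match pam_access grants access."""
    for permit, users, origins in rules:
        if any(user_matches(u, user) for u in users) and \
           any(origin_matches(o, rhost) for o in origins):
            return permit
    return True
```

The final `- : ALL : ALL` line matters: without it, a user who matches no rule falls through to the default and is let in.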