[Dovecot] Different classes of user
Timo Sirainen
tss at iki.fi
Wed Feb 14 18:39:48 UTC 2007
On Wed, 2007-02-14 at 18:27 +0000, John Robinson wrote:
>
> The most generic way I can quickly see of adding this feature would
> be
> to allow individual authentication processes, or different passdbs, a
> flag for whether they are to be used with or without SSL/TLS
> (default:
> either). Then people can have two authentication processes (or
> whatever), one handling SSL/TLS-enabled logins, and one handling
> others.
> In my case I could then use PAM for both but with different service
> names.
>
> I'm sure I can't be the only person in the world who'd like to be
> able
> to handle with/without TLS differently. In fact, this might be of
> interest to almost anyone with both system and virtual users. Timo?
There was a patch to add '%c' variable to dovecot-auth which would say
"TLS" or "SSL" or "". Or something like that. However that couldn't be
passed to PAM.
Yea, maybe the disable_plaintext_auth setting could be added inside
passdbs. But not before v1.0, so you'll need to figure out another way
to do this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070214/f0093b97/attachment.pgp
More information about the dovecot
mailing list