[Dovecot] Different classes of user

Timo Sirainen tss at iki.fi
Wed Feb 14 18:39:48 UTC 2007


On Wed, 2007-02-14 at 18:27 +0000, John Robinson wrote:
> 
> The most generic way I can quickly see of adding this feature would
> be 
> to allow individual authentication processes, or different passdbs, a 
> flag for whether they are to be used with or without SSL/TLS
> (default: 
> either). Then people can have two authentication processes (or 
> whatever), one handling SSL/TLS-enabled logins, and one handling
> others. 
> In my case I could then use PAM for both but with different service
> names.
> 
> I'm sure I can't be the only person in the world who'd like to be
> able 
> to handle with/without TLS differently. In fact, this might be of 
> interest to almost anyone with both system and virtual users. Timo? 

There was a patch to add '%c' variable to dovecot-auth which would say
"TLS" or "SSL" or "". Or something like that. However that couldn't be
passed to PAM.

Yea, maybe the disable_plaintext_auth setting could be added inside
passdbs. But not before v1.0, so you'll need to figure out another way
to do this.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070214/f0093b97/attachment.pgp 


More information about the dovecot mailing list