[Dovecot] Per user based protocol access and pause after failed login?

Mart Pirita sysadmin at e-positive.ee
Sun Jun 17 01:16:45 EEST 2007


Tere.
> %c expands to "secured" or empty. So you could use eg.
> passdb pam {
>   args = %s%c
> }
>
> and create imap, imapsecured, pop3, pop3secured
>
>   
More better, so for example user1 can access only imaps, using Yous 
suggestion, I have to list all users, except user1 in imap, pop3, 
pop3secured.
But it should works also in other way, that by default all users are 
allowed to use all protocols and then I exclude user1 from imap, pop3, 
pop3secured. So I tried:

passdb pam {
  args = %s%c
}

/etc/pam.d/ includes imap, imapsecured, pop3, pop3secured files which 
includes:

auth       required     
pam_nologin.so                                                                             

auth       required     pam_stack.so 
service=system-auth                                                           

account    required     pam_stack.so 
service=system-auth                                                           

session    required     pam_stack.so service=system-auth

and only imapsecured has this  line:

auth required pam_listfile.so item=user sense=deny file=/etc/imapsusers 
onerr=succeed

and /etc/imapsusers includes user1

But now even pop user can't login:(.

-- 
Mart



More information about the dovecot mailing list