On 14/02/2007 17:58, Chris Wakelin wrote:
> You could run two different Dovecot configurations simultaneously, one for SSL (not listening on the non-SSL ports) authenticating against shell or non-shell (having multiple passdb/authdbs probably) and one for non-SSL that authenticates only non-shell users. (This doesn't handle the TLS, alas, but most clients use SSL anyway, I think).
Yeah, but, yuk, and anyway I really would like to handle TLS over port 143.
The most generic way I can quickly see of adding this feature would be to allow individual authentication processes, or different passdbs, a flag for whether they are to be used with or without SSL/TLS (default: either). Then people can have two authentication processes (or whatever), one handling SSL/TLS-enabled logins, and one handling others. In my case I could then use PAM for both but with different service names.
I'm sure I can't be the only person in the world who'd like to be able to handle with/without TLS differently. In fact, this might be of interest to almost anyone with both system and virtual users. Timo?
Cheers,
John.