we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP users. We also use this for Postfix authentication. Nothing special.
But, we need to exclude some of the users from IMAP login.
How could this be done?
There's a facility to add arbitrary code to the imap login process, e.g., in "10-master.conf":
service imap-postlogin { executable = script-login /local/bin/imap-wrapper user = $default_internal_user unix_listener imap-postlogin { } }
In our case, "/local/bin/imap-wrapper" is a Perl script that checks the user's login shell, and if it is one of our "blocked" shells, returns:
print "* NO [ALERT] Your account has expired, and access to it has been suspended. ".$msg_helpdesk_refer; exit 1;
otherwise it execs the command given in its arguments.
More info is at: https://doc.dovecot.org/admin_manual/post_login_scripting/
Anne.
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 anne@encs.concordia.ca +1 514 848-2424 x2285