On Wed, 2007-02-14 at 18:27 +0000, John Robinson wrote:
> The most generic way I can quickly see of adding this feature would be to allow individual authentication processes, or different passdbs, a flag for whether they are to be used with or without SSL/TLS (default: either). Then people can have two authentication processes (or whatever), one handling SSL/TLS-enabled logins, and one handling others. In my case I could then use PAM for both but with different service names.
> I'm sure I can't be the only person in the world who'd like to be able to handle with/without TLS differently. In fact, this might be of interest to almost anyone with both system and virtual users. Timo?
There was a patch to add a '%c' variable to dovecot-auth which would say "TLS" or "SSL" or "". Or something like that. However, that couldn't be passed to PAM.
Yea, maybe the disable_plaintext_auth setting could be added inside passdbs. But not before v1.0, so you'll need to figure out another way to do this.