Sysadmin wrote:
Actually I do not know whether Dovecot can do it by itself. On my server I use a customized PAM module to authenticate and authorize my users. The module also performs a check on the host where the user comes from and checks whether there is a rule to allow/deny access from this host.
It sounds wonderful. Can you kindly share this customized PAM module with me?
I would if it could be helpful to you in any way, but I believe it won't fit your needs. It's an SQL-based PAM module with a DB2 backend that is also highly customized to fit my customer database.
If you have any experience with writing PAM modules I'll give you the assistance you need.
All I do is retrieve the hostname and compare it with the database. A short example:
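/* Needs <security/pam_modules.h>, <stdio.h>, <stdlib.h> and <string.h> */
const char *Host = NULL;
const char *User = NULL;
char *SQL = NULL;
size_t Len;

if ((pam_get_user(pamh, &User, NULL) != PAM_SUCCESS) || (User == NULL))
    return PAM_USER_UNKNOWN;

/* Retrieve password and authenticate user here */

/* PAM_RHOST can be unset, so check for NULL as well as the return code. */
if ((pam_get_item(pamh, PAM_RHOST, (const void **)&Host) != PAM_SUCCESS) || (Host == NULL))
    return PAM_AUTH_ERR;

/* Generate the query, 0.0.0.0 means the default rule for this user. Netmasks aren't supported.
   User and Host are copied into the statement as-is, so validate or escape them first. */
Len = strlen(User) + strlen(Host) + 106;
if ((SQL = malloc(Len)) == NULL)
    return PAM_BUF_ERR;
snprintf(SQL, Len, "SELECT Rule FROM access_table WHERE User='%s' AND (Host='%s' OR Host='0.0.0.0') ORDER BY Host DESC LIMIT 0,1;", User, Host);

/* Execute query and process result here, then free(SQL) */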
I would like to help more, but I cannot - I hope you will excuse this.
Bernd
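
Added example, not part of the original post and not Bernd's module: a self-contained C sketch of the host check described above, with the user name and PAM_RHOST value validated against an allowlist before they reach the query text, and the intended precedence (an exact host rule overrides the 0.0.0.0 default) resolved over constructed sample rows. The names safe_token, build_query and check_access, the length limits and the sample rules are assumptions made for this example; where the database API offers bound parameters, those are preferable to building the statement as text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample rows standing in for access_table; 1 = allow, 0 = deny. */
struct rule { const char *user, *host; int allow; };
static const struct rule RULES[] = {
    {"alice", "0.0.0.0", 0}, {"alice", "mail.example.org", 1},
    {"bob", "0.0.0.0", 1},   {"bob", "192.0.2.7", 0},
};

/* Allowlist check: non-empty, at most max bytes, alphanumerics plus 'extra'. */
int safe_token(const char *s, size_t max, const char *extra)
{
    size_t n;
    if (s == NULL || *s == '\0') return 0;
    for (n = 0; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= max || (!isalnum(c) && strchr(extra, c) == NULL)) return 0;
    }
    return 1;
}

/* Build the query text only from validated values; report truncation. */
int build_query(char *buf, size_t len, const char *user, const char *rhost)
{
    int n;
    if (!safe_token(user, 64, "._-@") || !safe_token(rhost, 255, ".-:")) return -1;
    n = snprintf(buf, len, "SELECT Rule FROM access_table WHERE User='%s' "
                 "AND (Host='%s' OR Host='0.0.0.0') ORDER BY Host DESC LIMIT 0,1;",
                 user, rhost);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Returns 1 = allow, 0 = deny, -1 = no rule or rejected input (treat as deny). */
int check_access(const char *user, const char *rhost)
{
    int def = -1;
    size_t i;
    if (!safe_token(user, 64, "._-@") || !safe_token(rhost, 255, ".-:")) return -1;
    for (i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (strcmp(RULES[i].user, user) != 0) continue;
        if (strcmp(RULES[i].host, rhost) == 0) return RULES[i].allow; /* exact host wins */
        if (strcmp(RULES[i].host, "0.0.0.0") == 0) def = RULES[i].allow; /* default rule */
    }
    return def;
}

int main(void) { printf("%d\n", check_access("alice", "198.51.100.9")); return 0; }
```

A PAM module using this would map 1 to PAM_SUCCESS and both 0 and -1 to a failure code, so that a missing rule or a rejected value never grants access.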