19 Sep 2005, 5:38 p.m.
Hi, I asked last week about an auth mechanism in 1.0alpha2 to reject specific userids or uids from authentication. Marco De Benedetto kindly suggested using passdb passwd-file for a rejection list. That didn't work and the Wiki for authentication makes it clear why: the multiple databases use OR for success instead of AND. So my test user failed with passdb passwd-file but succeeded with PAM, so he got in.
Any chance of having a "passdb deny" feature, whereby any userid or uid that appears there will be rejected without further authentication tests? Something like:
auth default {
  passdb deny {
    # path of file listing denied uids or userids
    args = /etc/dovecot.nonauth
  }
  passdb pam {
    (etc)
  }
}
Jeff Earickson
Colby College
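
The OR behaviour described in the message above, and the deny-first check it asks for, modelled as an added example (not part of the original post and not Dovecot code). The account table, the pam and passwd_file_reject stand-ins, the deny-file contents and all function names are hypothetical.

```python
# Added illustration: a toy model of passdb evaluation, not Dovecot code.
# Accounts, passwords and every function name below are constructed.
ACCOUNTS = {"alice": (1001, "pw-a"), "testuser": (1002, "pw-t"), "bob": (1003, "pw-b")}

DENY_FILE = """\
# constructed sample of a deny file: one userid or numeric uid per line
testuser
1003   # bob, listed by uid
"""

def parse_deny_list(text):
    """Return (userids, uids) from a deny file, ignoring '#' comments and blanks."""
    names, uids = set(), set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if entry.isdigit():
            uids.add(int(entry))
        else:
            names.add(entry)
    return names, uids

def uid_of(userid):
    """Look up the numeric uid, or None for an unknown user."""
    account = ACCOUNTS.get(userid)
    return account[0] if account else None

def pam(userid, password):
    """Stand-in for the PAM passdb: succeeds on a matching password."""
    account = ACCOUNTS.get(userid)
    return account is not None and account[1] == password

def passwd_file_reject(userid, password):
    """Stand-in for a passwd-file used as a rejection list: never matches."""
    return False

def auth_or_chain(passdbs, userid, password):
    """Behaviour described in the post: any passdb that succeeds lets the user in."""
    return any(db(userid, password) for db in passdbs)

def auth_deny_first(deny, passdbs, userid, password):
    """Requested behaviour: a deny-list hit rejects before any passdb is tried."""
    names, uids = deny
    if userid in names or uid_of(userid) in uids:
        return False
    return auth_or_chain(passdbs, userid, password)

DENY = parse_deny_list(DENY_FILE)
```

With the OR chain the rejection passdb only fails to match, so the listed user still succeeds through the PAM stand-in; the deny-first variant rejects by userid or by uid before any passdb runs.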