Re: [Dovecot] Per user based protocol access and pause after failed login?
Hello.
%c expands to "secured" or empty. So you could use eg. passdb pam { args = %s%c }
and create imap, imapsecured, pop3, pop3secured
Even better: so, for example, user1 can access only imaps; using your suggestion, I have to list all users except user1 in imap, pop3, pop3secured. But it should also work the other way: by default all users are allowed to use all protocols, and then I exclude user1 from imap, pop3, pop3secured. So I tried:
passdb pam { args = %s%c }
/etc/pam.d/ includes imap, imapsecured, pop3, pop3secured files which includes:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
and only imapsecured has this line:
auth required pam_listfile.so item=user sense=deny file=/etc/imapsusers onerr=succeed
and /etc/imapsusers includes user1
But now even pop user can't login:(.
-- Mart
On Sun, 2007-06-17 at 01:16 +0300, Mart Pirita wrote:
> passdb pam { args = %s%c } .. But now even pop user can't login:(.
Oh, sorry. I forgot the %s%c doesn't work yet in 1.0.
So, the next possibility would be:
passdb passwd-file {
  args = /etc/dovecot/deny.%Ls.%c
  deny = yes
}
And create /etc/dovecot/deny.imap.secured and put users there. And place that passdb before PAM.
Participants (2): Mart Pirita, Timo Sirainen
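
An added example, not part of the original thread and not Dovecot code: a Python sketch that models the deny.%Ls.%c lookup suggested above and reports which service/%c combinations a user can still reach, including the trailing-dot file name that results when %c is empty. The function names, the temporary directory standing in for /etc/dovecot, and treating a missing list file as "denies nobody" are assumptions of this sketch.

```python
import os
import tempfile

SERVICES = ("imap", "pop3")   # services named in the thread
SECURED = ("", "secured")     # %c expands to empty or "secured", per the thread

def deny_path(base, service, secured):
    """Expand deny.%Ls.%c for one login; base stands in for /etc/dovecot."""
    return os.path.join(base, "deny.%s.%s" % (service.lower(), secured))

def denied_users(path):
    """Usernames in a passwd-file style list: first ':'-separated field."""
    users = set()
    if not os.path.exists(path):
        # Assumption of this sketch (not verified Dovecot behaviour):
        # a missing list file denies nobody.
        return users
    with open(path) as fh:
        for line in fh:
            name = line.strip().split(":", 1)[0]
            if name and not name.startswith("#"):
                users.add(name)
    return users

def access_matrix(base, user):
    """Map (service, %c) to True when the deny passdb lets the login
    continue to the next passdb (PAM in the thread)."""
    return {(s, c): user not in denied_users(deny_path(base, s, c))
            for s in SERVICES for c in SECURED}

def build_sample(base):
    """Constructed sample data: restrict user1 to secured IMAP only."""
    for s, c in (("imap", ""), ("pop3", ""), ("pop3", "secured")):
        with open(deny_path(base, s, c), "w") as fh:
            fh.write("# constructed sample list\nuser1\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        for user in ("user1", "user2"):
            for (s, c), ok in sorted(access_matrix(base, user).items()):
                name = os.path.basename(deny_path(base, s, c))
                print(user, name, "pass" if ok else "deny")
```

Restricting user1 to imaps this way takes three lists (deny.imap., deny.pop3. and deny.pop3.secured), and every other user stays unlisted.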