[Dovecot] Dovecot's as ip/user based login filter?
Bernd Holzmüller
tigger at tiggerswelt.net
Mon Apr 10 14:40:27 EEST 2006
Sysadmin wrote:
> > Actually I do not know whether Dovecot can do it by itself.
> > On my server I use a customized PAM module to authenticate and authorize
> > my users. The module also performs a check on the host where the user
> > comes from and checks whether there is a rule to allow/deny access from
> > this host.
>
> It sounds wonderful. Can you kindly share this customized PAM module
> with me?
I would do so if it could be helpful in any way for you, but I believe it
won't fit your needs. It's an SQL-based PAM module with a DB2 backend
that is also highly customized to fit my customer database.
If you have any experience with writing PAM modules, I'll give you the
assistance you need.
All I do is retrieve the hostname and compare it with the database.
A short example:
    /* Needs <stdio.h> and <security/pam_modules.h> */
    const char *Host = NULL;
    const char *User = NULL;
    char SQL[512];
    int Len;

    if ((pam_get_user(pamh, &User, NULL) != PAM_SUCCESS) || (User == NULL))
        return PAM_USER_UNKNOWN;

    /* Retrieve password and authenticate user here */

    if ((pam_get_item(pamh, PAM_RHOST, (const void **)&Host) != PAM_SUCCESS) || (Host == NULL))
        return PAM_AUTH_ERR;

    /*
      Generate the query, 0.0.0.0 means the default rule for this user.
      Netmasks aren't supported.
      User and Host are inserted into the statement unescaped.
    */
    Len = snprintf(SQL, sizeof(SQL),
        "SELECT Rule FROM access_table WHERE User='%s' AND "
        "(Host='%s' OR Host='0.0.0.0') ORDER BY Host DESC LIMIT 0,1;", User, Host);
    if (Len < 0 || (size_t)Len >= sizeof(SQL))
        return PAM_AUTH_ERR;    /* query did not fit into the buffer */

    /* Execute query and process result here */
I would like to help more, but I cannot - I hope you will excuse this.
Bernd
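
The query in the message above is built by formatting the user name and PAM_RHOST into single-quoted SQL literals. The following is an added example, not part of the original post or of Bernd's module, showing one way to reject values that could close those literals and to bound the buffer before the query is run. The helper names, the allowed character sets and the length limits are assumptions; where the database client library offers bound parameters, those are the better choice.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept only letters, digits and the listed punctuation,
   so the value cannot close the single-quoted SQL literal it is placed in. */
static int is_safe_token(const char *s, const char *extra, size_t max_len)
{
    size_t n;
    if (s == NULL || *s == '\0')
        return 0;
    for (n = 0; s[n] != '\0'; n++)
        if (n >= max_len || (!isalnum((unsigned char)s[n]) && !strchr(extra, s[n])))
            return 0;
    return 1;
}

/* Build the lookup query from the post. Returns 0 on success, -1 when an
   input is rejected or the query does not fit in out. */
int build_rule_query(char *out, size_t out_len, const char *user, const char *host)
{
    int n;
    if (!is_safe_token(user, "._-@", 64) || !is_safe_token(host, ".:-", 255))
        return -1;
    n = snprintf(out, out_len,
                 "SELECT Rule FROM access_table WHERE User='%s' AND "
                 "(Host='%s' OR Host='0.0.0.0') ORDER BY Host DESC LIMIT 0,1;",
                 user, host);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: a normal login, then a user name containing a quote. */
    const char *users[] = { "alice", "o'brien" };
    char sql[256];
    size_t i;
    for (i = 0; i < 2; i++) {
        if (build_rule_query(sql, sizeof sql, users[i], "192.0.2.10") == 0)
            printf("%s\n", sql);
        else
            printf("rejected: %s\n", users[i]);
    }
    return 0;
}
```

Inside a PAM module, a -1 from build_rule_query would map to returning PAM_AUTH_ERR before any query is executed.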