[Dovecot] Different classes of user

Chris Wakelin c.d.wakelin at reading.ac.uk
Wed Feb 14 17:58:08 UTC 2007

John Robinson wrote:
> Just bumping my own question. On 10/02/2007 03:01, I wrote:
> [...]
>>  What I want to arrange is for users with shell accounts not to be
>> succeed in logging in to Dovecot without using TLS/SSL. I'll have to
>> allow unencrypted logins (for non-shell users), but I want to
>> reject/refuse such a login from someone with a shell account.
> [...]
>> I've had a go but got it wrong. What should I do to get it right?
> Anyone? Please?
> Cheers,
> John.

You could run two different Dovecot configurations simultaneously, one
for SSL (not listening on the non-SSL ports) authenticating against
shell or non-shell (having multiple passdb/authdbs probably) and one for
non-SSL that authenticates only non-shell users. (This doesn't handle
the TLS, alas, but most clients use SSL anyway, I think).

Hope this helps,

Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094

More information about the dovecot mailing list