[Dovecot] Different classes of user
john.robinson at anonymous.org.uk
Wed Feb 14 18:27:18 UTC 2007
On 14/02/2007 17:58, Chris Wakelin wrote:
> You could run two different Dovecot configurations simultaneously, one
> for SSL (not listening on the non-SSL ports) authenticating against
> shell or non-shell (having multiple passdb/authdbs probably) and one for
> non-SSL that authenticates only non-shell users. (This doesn't handle
> the TLS, alas, but most clients use SSL anyway, I think).
Yeah, but, yuk, and anyway I really would like to handle TLS over port 143.
The most generic way I can quickly see of adding this feature would be
to allow individual authentication processes, or different passdbs, a
flag for whether they are to be used with or without SSL/TLS (default:
either). Then people can have two authentication processes (or
whatever), one handling SSL/TLS-enabled logins, and one handling others.
In my case I could then use PAM for both but with different service names.
I'm sure I can't be the only person in the world who'd like to be able
to handle with/without TLS differently. In fact, this might be of
interest to almost anyone with both system and virtual users. Timo?
More information about the dovecot