[Dovecot] Different classes of user

John Robinson john.robinson at anonymous.org.uk
Wed Feb 14 18:27:18 UTC 2007

On 14/02/2007 17:58, Chris Wakelin wrote:
> You could run two different Dovecot configurations simultaneously, one
> for SSL (not listening on the non-SSL ports) authenticating against
> shell or non-shell (having multiple passdb/authdbs probably) and one for
> non-SSL that authenticates only non-shell users. (This doesn't handle
> the TLS, alas, but most clients use SSL anyway, I think).

Yeah, but, yuk, and anyway I really would like to handle TLS over port 143.

The most generic way I can quickly see of adding this feature would be 
to allow individual authentication processes, or different passdbs, a 
flag for whether they are to be used with or without SSL/TLS (default: 
either). Then people can have two authentication processes (or 
whatever), one handling SSL/TLS-enabled logins, and one handling others. 
In my case I could then use PAM for both but with different service names.

I'm sure I can't be the only person in the world who'd like to be able 
to handle with/without TLS differently. In fact, this might be of 
interest to almost anyone with both system and virtual users. Timo?



More information about the dovecot mailing list