offering limited pop access

Ian Eiloart iane at sussex.ac.uk
Thu Oct 30 06:42:45 EDT 2008 

Thanks, Andreas. That's probably enough to get me going.

Can I ask how you discovered the "well hidden feature" of imapd.conf? Is 
there proper documentation for this anywhere?

--On 29 October 2008 20:16:21 +0100 Andreas Winkelmann <ml at awinkelmann.de> 
wrote:

>> I offer an IMAP service to 12000 users, but we don't offer POP3.
>>
>> However, we have a blind person who has a braille computer, with POP3
>> client, but no IMAP client.
>>
>> I've configured a perdition proxy which can give him POP, but not IMAP
>> access. However, we're moving toward using Cyrus proxyd front end, with
>> LDAP authentication (through SASL).
>>
>> Is there a way I can configure my murder cluster to perform a different
>> IMAP lookup for POP3 authentication, compared to IMAP authentication. Or,
>> is there some other way that I can restrict POP3 access to certain users?
>>
>> I've got configuration files at
>> /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf
>> which just says:
>>     pwcheck_method: saslauthd
>>     mech_list: plain
>> I presume I need a pop.conf file that's similar, but can't find any
>> documentation.
>>
>> and
>> /local/cyrus-sasl-2.1.22/etc/saslauthd.conf
>> which specifies how to access the LDAP servers.
>>
>> I want everything the same, but with a different value for ldap_filter.
>> Can
>> I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus
>> configuration, instead?
>
> If you want to use ldap for both cases, you have to use two diffrent
> saslauthd's running.
>
> I would think about a diffrent auxprop Backend for example sasldb with
> only one entry for this User. Use the well hidden feature in your
> imapd.conf and separate them with:
>
># SASL-COnfig only for pop3 Daemon
> pop3_sasl_pwcheck_method: auxprop
> pop3_sasl_auxprop_plugin: sasldb
> pop3_sasl_mech_list: plain login cram-md5 digest-md5
>
> and
>
># SASL-Config for all other Daemons
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: plain login
>
> or you can use just:
>
> sasl_pwcheck_method: auxprop saslauthd
> sasl_auxprop_plugin: sasldb
>
> This would look in both backends.
>
> If you don't want to use sasldb and insist in using saslauthd, then
> something like:
>
> pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux
>
> and configure a second independent instance of saslauthd with it's own
> Configuration for this one User.



-- 
Ian Eiloart
IT Services, University of Sussex
x3148

More information about the Info-cyrus mailing list