blocking logins at server
Scott Russell
lnxgeek at us.ibm.com
Fri Nov 1 18:17:20 EST 2002
On Fri, Nov 01, 2002 at 05:01:23PM -0500, Lawrence Greenfield wrote:
> Date: Wed, 30 Oct 2002 12:55:03 -0500
> From: twk <twk at ncsu.edu>
>
> We are running both 1.5.x and 2.1.x versions of Cyrus. I have a
> $#%$^#$%^ user that has his email client set to check every folder
> ever few seconds. I can't remove him from the password file, as we
> use Kerberos for authentication. I don't want to disable him in
> kerberos, just block his logins to the server. Is there any
> relatively straightforward way to do this?
>
> As you might've suspected, we've never implemented anything to do
> this. I've been down on the idea of adding an extra syscall every time
> through the cmdloop() just to add this functionality.
>
What about using iptables to handle this? You could do it on a simple
level by blocking the workstation IP / IMAP port or possibly getting a
bit more advanced block the userid / IMAP port. (I thought iptables
could look at strings inside packets and take action?)
--
Scott Russell (lnxgeek at us.ibm.com)
Linux Technology Center, System Admin, RHCE.
Dial 877-735-8200 then ask for 919-543-9289 (TTY)
More information about the Info-cyrus
mailing list