cyrus user limiting

Andrew Koros akoros at ke.uu.net
Tue Jul 8 06:12:50 EDT 2003


Hi,

Did you try to restrict cyrus with tcp_wrappers and it actually failed?
Maybe you should post this question to the cyrus mailing list:
info-cyrus at andrew.cmu.edu and maybe others have some nice ideas.

On Tue, 2003-07-08 at 14:04, martynas at inet.lt wrote:
> But with tcp_wrappers you can restrict only the client's username (not the
> username supplied for authentication). tcp_wrappers gets the username from
> the identd (auth) service. These are different things, I think.
> 
> Martynas
> 
> 
> --- Andrew Koros <akoros at ke.uu.net> wrote:
> > I don't know which cyrus-imapd you are using but the cyrus-imapd package
> > by Simon Matter is compiled with tcp-wrappers. If you compiled
> > cyrus-imapd from source it's possible to build configure with
> > tcp-wrappers.
> > 
> > Once built with tcp-wrappers, using your /etc/hosts.deny and
> > /etc/hosts.allow you can restrict imap service to only some network, e.g.
> > 
> > /etc/hosts.deny:
> >           ALL: ALL
> > 
> > /etc/hosts.allow:
> >           ALL: LOCAL @some_netgroup
> >           imap: .foobar.edu EXCEPT cyrus@ALL
> > 
> > 
> > please look at "man hosts.allow" for more details.
> > 
> > On Mon, 2003-07-07 at 19:24, martynas at inet.lt wrote:
> > > Hello,
> > > 
> > > Could you help me once more? ;)
> > > I have this problem: I use cyrus + web-cyradm + authentication using
> > > saslauthd + pam (mech = pam). The problem is: how to restrict the cyrus
> > > user to localhost only. I tried to use the pam_access and pam_listfile
> > > modules, but without success. Then I moved the cyrus user from the mysql
> > > db to system users, and then again tried to restrict it using the
> > > pam_access, pam_listfile and pam_if modules, but without success again.
> > > When the cyrus user is in mysql, it seems like pam does not get the
> > > remote host (rhost) and tty. But how then, when I moved cyrus to system.
> > > Maybe you resolved this problem? Because in a standard installation, there
> > > is a possibility to log in with the cyrus user through imap from the
> > > internet and then hack cyrus. So, could you help to restrict cyrus to
> > > localhost?
> > > 
> > > Thank You
> > > Regards,
> > > 
> > > Martynas Bieliauskas
> > -- 
> > Andrew Koros
> > Developer, Systems Services
> > UUNET (Kenya) Ltd
> > http://www.uunet.co.ke
> > Tel: +254 2 69088618
> > Fax: +254 2 69088001
> > Email: akoros at ke.uu.net   
> > 
> > 
> > NOTICE: This e-mail message and all attachments transmitted with it may
> > contain legally privileged and confidential information intended solely
> > for the use of the addressee. If the reader of this message is not the
> > intended recipient, you are hereby notified that any reading,
> > dissemination, distribution, copying, or other use of this message or
> > its attachments is strictly prohibited. If you have received this
> > message in error, please notify the sender immediately by electronic
> > mail, and delete this message and all copies and backups thereof. Thank
> > you.
> > 
-- 
Andrew Koros
Developer, Systems Services
UUNET (Kenya) Ltd
http://www.uunet.co.ke
Tel: +254 2 69088618
Fax: +254 2 69088001
Email: akoros at ke.uu.net   


More information about the Info-cyrus mailing list
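
The limitation raised in this thread, as an added example (not code from either poster and not the tcp_wrappers implementation): a simplified Python model of hosts_access(5) matching, run over the rules quoted above. The function names, the sample host names and the `imap_login` parameter are assumptions made for the illustration; netgroups are not modelled and never match.

```python
# Simplified model of hosts_access(5): ALL, LOCAL, .domain, exact host,
# user@host and EXCEPT. Added illustration only; @netgroup never matches here.
HOSTS_ALLOW = ["ALL: LOCAL @some_netgroup", "imap: .foobar.edu EXCEPT cyrus@ALL"]
HOSTS_DENY = ["ALL: ALL"]

def host_matches(pat, host):
    if pat == "ALL":
        return True
    if pat == "LOCAL":                 # host name without a dot
        return "." not in host
    if pat.startswith("."):            # domain suffix
        return host.endswith(pat)
    return pat == host

def client_matches(pat, ident_user, host):
    # user@host: the user part is compared with the name reported by the
    # client's identd (RFC 931), never with the IMAP login name.
    if "@" in pat and not pat.startswith("@"):
        user_pat, host_pat = pat.split("@", 1)
        user_ok = user_pat == "ALL" or user_pat == ident_user
        return user_ok and host_matches(host_pat, host)
    return host_matches(pat, host)

def list_matches(tokens, pred):
    # "a b EXCEPT c" matches when a or b matches and c does not.
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], pred) and not list_matches(tokens[i + 1:], pred)
    return any(pred(t) for t in tokens)

def rule_matches(rule, daemon, ident_user, host):
    daemons, clients = (p.replace(",", " ").split() for p in rule.split(":", 1))
    return (list_matches(daemons, lambda d: d in ("ALL", daemon)) and
            list_matches(clients, lambda c: client_matches(c, ident_user, host)))

def tcpd_allows(daemon, ident_user, host, imap_login=None):
    # imap_login is accepted only to show it plays no part: the wrapper check
    # happens at connect time, before any IMAP LOGIN/AUTHENTICATE is sent.
    if any(rule_matches(r, daemon, ident_user, host) for r in HOSTS_ALLOW):
        return True
    return not any(rule_matches(r, daemon, ident_user, host) for r in HOSTS_DENY)

if __name__ == "__main__":
    # Constructed connections: (ident user, client host, IMAP login)
    for ident, host, login in [("bob", "pc1.foobar.edu", "cyrus"),
                               ("cyrus", "pc1.foobar.edu", "bob"),
                               (None, "pc1.foobar.edu", "cyrus")]:
        print(ident, host, login, tcpd_allows("imap", ident, host, login))
```

A remote client that logs in to IMAP as `cyrus` is still accepted as long as its identd does not report `cyrus`, which is why the restriction has to be enforced where the authentication username is visible.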