Don't allow login for users without mailbox
Mike Nuss
mnuss at ammasso.com
Wed Oct 27 09:48:41 EDT 2004
sol luna wrote:
>Hi,
>
>I have installed Cyrus IMAP 2.2.3 on a Debian GNU/Linux
>3.0r2 (Woody).
>
>Cyrus authentication is based on cyrus-sasl (2.1.18).
>Cyrus-sasl authentication is based on pam.
>And pam authentication is based on LDAP + unix accounts.
>
>When I do a login with a LDAP or unix user which not have
>cyrus mailbox, to the webmail horde/imp or with a telnet on
>the port 143, it works. And I would like that only users
>with cyrus mailbox can do a login.
>
>Is it possible to not allow imap authentication/login for
>LDAP or unix users which not have cyrus mailbox ?
>
>Thanks a lot!
>
>Hélène
>
>
I'm still new to this but I believe you need to change your cyrus-sasl
authentication method. If it's using PAM, which is using ldap+unix, it
will allow any ldap or unix user to log in.
For example, I use:
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_sasldb_path: /etc/sasldb2
Then add users to the SASL database with saslpasswd2. For example,
"saslpasswd2 -c -u domain.tld joeuser"
--Mike
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list