Don't allow login for users without mailbox

Mike Nuss mnuss at ammasso.com
Wed Oct 27 09:48:41 EDT 2004


sol luna wrote:

>Hi,
>
>I have installed Cyrus IMAP 2.2.3 on a Debian GNU/Linux
>3.0r2 (Woody).
>
>Cyrus authentication is based on cyrus-sasl (2.1.18).
>Cyrus-sasl authentication is based on pam.
>And pam authentication is based on LDAP + unix accounts.
>
>When I do a login with an LDAP or unix user which does not have
>a cyrus mailbox, to the webmail horde/imp or with a telnet on
>port 143, it works. And I would like that only users
>with a cyrus mailbox can do a login.
>
>Is it possible to not allow imap authentication/login for
>LDAP or unix users which do not have a cyrus mailbox?
>
>Thanks a lot!
>
>Hélène 
>  
>

I'm still new to this but I believe you need to change your cyrus-sasl 
authentication method.  If it's using PAM, which is using ldap+unix, it 
will allow any ldap or unix user to log in.

For example, I use:

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_sasldb_path: /etc/sasldb2

Then add users to the SASL database with saslpasswd2.  For example, 
"saslpasswd2 -c -u domain.tld joeuser"

--Mike

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
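
With the sasldb setup described in the reply above, every sasldb entry is an account that can authenticate, so the database should hold only mailbox owners. The following is an added example, not part of the original post or of Cyrus itself: it compares a saved `sasldblistusers2` listing with a saved cyradm `lm` listing and reports accounts that have no mailbox. The sample listings are constructed, and it assumes the default "." hierarchy separator and that mailboxes listed without a domain belong to a default realm.

```python
import re

# Constructed sample of `sasldblistusers2` output ("user@realm: property").
SASLDB_LISTING = """\
joeuser@domain.tld: userPassword
helene@domain.tld: userPassword
olduser@domain.tld: userPassword
"""

# Constructed sample of a cyradm `lm` listing (default "." separator assumed).
MAILBOX_LISTING = """\
user.joeuser (\\HasChildren)
user.joeuser.Sent (\\HasNoChildren)
user.helene@domain.tld (\\HasNoChildren)
shared.announce (\\HasNoChildren)
"""

def sasldb_accounts(listing):
    """Return the set of 'user@realm' ids that have a sasldb entry."""
    accounts = set()
    for line in listing.splitlines():
        m = re.match(r"^\s*([^@\s:]+)@([^:\s]+)\s*:", line)
        if m:
            accounts.add(f"{m.group(1)}@{m.group(2)}".lower())
    return accounts

def mailbox_owners(listing, default_realm):
    """Return 'user@realm' for every personal mailbox (user.<name>[...])."""
    owners = set()
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        # A virtual-domain mailbox carries its domain after '@'.
        name, _, domain = fields[0].partition("@")
        parts = name.split(".")
        # Skip shared folders; sub-folders map back to their owner.
        if len(parts) >= 2 and parts[0] == "user" and parts[1]:
            owners.add(f"{parts[1]}@{domain or default_realm}".lower())
    return owners

def accounts_without_mailbox(sasldb_listing, mailbox_listing, default_realm):
    """Accounts that can authenticate via sasldb but own no mailbox."""
    have_box = mailbox_owners(mailbox_listing, default_realm)
    return sorted(sasldb_accounts(sasldb_listing) - have_box)

if __name__ == "__main__":
    for acct in accounts_without_mailbox(SASLDB_LISTING, MAILBOX_LISTING, "domain.tld"):
        print("can authenticate but has no mailbox:", acct)
```
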