IMAP auths even without valid mailboxes.

Ezsra McDonald ezsra_mcdonald at yahoo.com
Mon Apr 4 11:17:44 EDT 2005


Scott,

I was just browsing my LDAP schema. Where should I find
authorizedService?

--Ez

On Mon, 2005-04-04 at 09:33, Scott Balmos wrote:
> Use pam_ldap in conjunction with the pam_check_service_attr option in
> its config file. Then add authorizedService attributes for every PAM
> service you want. Cyrus can get especially fine-grained, because it has
> four separate PAM services (one each for POP3, IMAP, NNTP, and Sieve).
> See below for a section of my account LDIF. Note that SASL does not
> append "d" to its service entries, like you think it would. That screwed
> me over the first time I tried to get this setup going.
>
> authorizedService: sshd
> authorizedService: ftpd
> authorizedService: imap
> authorizedService: pop
> authorizedService: nntp
> authorizedService: smtp
> authorizedService: sieve
>
> --Scott
>
> Ezsra McDonald wrote:
>
> >My current system is SuSe 8.1. This version of saslauthd was not
> >compiled with LDAP support. It currently hands off authentication to
> >pam_ldap. I have looked for the cyrus_sasl src RPM for the version I am
> >running. I would rebuild it but apparently it is not available. It looks
> >like I will have to hack a later RPM and see if I can get it to work on
> >SuSe 8.1.
> >
> >Does anyone know how to give pam_ldap a filter to use? That would be my
> >quickest fix. I will be investigating that now.
> >
> >--Ez
> >
> >On Sun, 2005-04-03 at 14:07, Ondřej Surý wrote:
> >
> >
> >>It's not a task for the IMAP server, but for the SASL auth daemon.  You
> >>have to construct the LDAP query in sasl so it allows only users who have
> >>mail to log in.  Either create some special flag in LDAP.
> >>
> >>F.E.: "ldap_filter: (&(uid=%u)(allowCyrusLogin=true))" or something
> >>similar.
> >>
> >>Ondrej
> >>
> >>On Fri, 2005-04-01 at 13:02 -0800, Ezsra McDonald wrote:
> >>
> >>
> >>
> >>>Is there a setting to tell IMAP not to allow
> >>>authenticated users who don't have cyrus accounts?
> >>>
> >>>
>
>
-- 
Ezsra McDonald

......................................................................

Linux is like a wigwam -- no Gates, no Windows, and an Apache inside.


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
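
An added example, not part of the original thread: a small audit over an LDIF export that lists which Cyrus services each account's authorizedService values permit and flags values such as "imapd" that carry the trailing "d" Scott warns about. The sample LDIF, the exact-match rule in is_authorized, and all function names are assumptions made for illustration.

```python
"""Audit authorizedService values in an LDIF export (added example)."""

# Service names as they appear in the account LDIF quoted in this thread.
CYRUS_SERVICES = ("imap", "pop", "nntp", "sieve")

# Constructed sample export; the DNs and uids are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
authorizedService: sshd
authorizedService: imap
authorizedService: sieve

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
authorizedService: sshd
authorizedService: imapd

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
"""

def parse_ldif(text):
    """Return {uid: set of authorizedService values} from simple, unfolded LDIF."""
    accounts = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        if "uid" in attrs:
            accounts[attrs["uid"][0]] = set(attrs.get("authorizedservice", []))
    return accounts

def is_authorized(services, pam_service):
    """Assumed model: access only on an exact match of the PAM service name."""
    return pam_service in services

def audit(text):
    """Per account: Cyrus services allowed, plus values that look like the 'd' mistake."""
    report = {}
    for uid, services in parse_ldif(text).items():
        allowed = sorted(s for s in CYRUS_SERVICES if is_authorized(services, s))
        suspect = sorted(v for v in services
                         if v.endswith("d") and v[:-1] in CYRUS_SERVICES)
        report[uid] = {"allowed": allowed, "suspect": suspect}
    return report

if __name__ == "__main__":
    for uid, row in audit(SAMPLE_LDIF).items():
        print(uid, row)
```

An account with an empty "allowed" list and a non-empty "suspect" list is the misconfiguration described in the thread: the entry looks authorized for mail but names a service that is never requested.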



