How to restrict pop/imap access by user/group names

former03 | Baltasar Cevc baltasar.cevc at
Tue Aug 15 19:21:35 EDT 2006

Hi Kai,

On 15.08.2006, at 19:11, Kai Wang wrote:
> Thanks, Baltasar . I understood the main idea. Currently we use one 
> imapd.conf file. We configured cyrus -> saslauthd -> pam -> (cas) ldap 
> to do authentication. We want to use pam.cas but haven't tested it 
> yet. We can not do a select statement. Do you have any idea about 
> this?
Using that setup I don't think you can achieve what you want. You need 
some point where you can fetch that information and saslauthd is a 
single instance which will always produce the same SASL result for the 
same user/password combination. Even if you could work around that 
(using multiple instances), you'd have to configure different PAM 
services to pass on the information.

So the way you should go is to check whether hte ldap auxprop plugin 
gives you some mechnism to restrict answers.


Baltasar Cevc

_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen


More information about the Info-cyrus mailing list