Restricting admin logins

Alain Spineux aspineux at gmail.com
Thu Nov 29 09:54:29 EST 2007


On Nov 29, 2007 3:15 PM, Andy Fiddaman <cyrus at fiddaman.net> wrote:
>
> At the moment we patch the Cyrus IMAP server source so that administrators
> (admins in the config file) can only log in from certain IP addresses.
>
> I was wondering if there is a better way to do this or whether some means
> of achieving this is planned for future releases?

Yes have 3 imapd.conf, all common option in one imapd_common.conf
and @include this file in the two other with different admins options
Then start two different port and some firewall rules to achieve your need.

>
> We have two patches we currently use:
>
> 1/ adds a new flag to imapd which means 'do not allow administrative
> logins' and we use this flag on the instance on port 143 but not on
> another instance on port 144. Port 144 can then be firewalled to everyone
> apart from our administrative clients.
>
> 2/ adds a new config file option 'admins_ip' which is a list of subnets
> from which administrative logins are permitted.
>
> If it would be of benefit I would be happy to clean up either of these and
> submit it to the developers.
>
> Thanks,
>
> Andy
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you


More information about the Info-cyrus mailing list