offering limited pop access
Andreas Winkelmann
ml at awinkelmann.de
Wed Oct 29 15:16:21 EDT 2008
> I offer an IMAP service to 12000 users, but we don't offer POP3.
>
> However, we have a blind person who has a braille computer, with POP3
> client, but no IMAP client.
>
> I've configured a perdition proxy which can give him POP, but not IMAP
> access. However, we're moving toward using Cyrus proxyd front end, with
> LDAP authentication (through SASL).
>
> Is there a way I can configure my murder cluster to perform a different
> IMAP lookup for POP3 authentication, compared to IMAP authentication. Or,
> is there some other way that I can restrict POP3 access to certain users?
>
> I've got configuration files at
> /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf
> which just says:
> pwcheck_method: saslauthd
> mech_list: plain
> I presume I need a pop.conf file that's similar, but can't find any
> documentation.
>
> and
> /local/cyrus-sasl-2.1.22/etc/saslauthd.conf
> which specifies how to access the LDAP servers.
>
> I want everything the same, but with a different value for ldap_filter.
> Can
> I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus
> configuration, instead?
If you want to use ldap for both cases, you have to use two diffrent
saslauthd's running.
I would think about a diffrent auxprop Backend for example sasldb with
only one entry for this User. Use the well hidden feature in your
imapd.conf and separate them with:
# SASL-COnfig only for pop3 Daemon
pop3_sasl_pwcheck_method: auxprop
pop3_sasl_auxprop_plugin: sasldb
pop3_sasl_mech_list: plain login cram-md5 digest-md5
and
# SASL-Config for all other Daemons
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login
or you can use just:
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb
This would look in both backends.
If you don't want to use sasldb and insist in using saslauthd, then
something like:
pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux
and configure a second independent instance of saslauthd with it's own
Configuration for this one User.
--
Andreas
More information about the Info-cyrus
mailing list