IMAPS with extra authorization.
Josef Karliak
karliak at ajetaci.cz
Wed Jul 21 15:07:01 EDT 2010
Hi,
thanks for the tip.
I've rebuilt pwdfile from src and installed it.
File /etc/pam.d/imap is :
#%PAM-1.0
auth include common-auth
auth sufficient pam_pwdfile.so pwdfile /var/spool/imap/imaps_users
account include common-account
password include common-password
session include common-session
I added a user to that file with htpasswd2. But:
Jul 21 20:51:56 celer imaps[32486]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Jul 21 20:52:00 celer pam_pwdfile[32382]: wrong password for user uzivatel
Jul 21 20:52:00 celer imaps[32486]: login: gprs10.vodafone.cz [217.77.165.57] uzivatel plaintext+TLS User logged in
It seems the user in the file is known, but because it has a different
password from the system one (classic linux passwd user or NIS
users/passwds), this is refused and the system user's password is used.
What am I doing wrong? :-/
All this procedure is because users have weak passwords, so we let
them in within the company (using only IMAP), but if anybody wants to
have IMAPS from outside of the company (from home, etc...) we force him
to create a strong password and let IMAPS authorize by this file. And it
is not allowed to use any other authorization from IMAPS... Question -
is this possible at all? :)
Thanks.
J.K.
Quoting Syren Baran <sb at bit-house.com>:
> On Wednesday, 21.07.2010, 09:47 +0200, Josef Karliak wrote:
>> Hi everybody,
>> we need to use another accounts (from extra file) for authorization for
>> IMAPS (from outside of company). IMAP stays authorized over saslauthd
>> (pam). How to solve this ? I'm out of the ideas :-/.
>
> Try libpam-pwdfile. Using this here on a debian box.
> Does exactly what you want ;)
>
> Just add a line like
> auth sufficient pam_pwdfile.so pwdfile /path/to/file
> to /etc/pam.d/imap
>
> The file can be created simply enough (e.g. htpasswd).
>
> Greetings,
> Syren Baran
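Added example (not part of the original message or of Cyrus/PAM code): a simplified Python model of how a PAM auth stack is evaluated, run against the /etc/pam.d/imap file quoted above. The contents of common-auth (a single "required pam_unix.so" line) and the service name "pwdfile-only" are assumptions made for illustration; how to make imaps use a separate PAM service is not covered here.

```python
# Simplified model of Linux-PAM "auth" stack evaluation (classic control flags only).
FILES = {
    "imap": """#%PAM-1.0
auth include common-auth
auth sufficient pam_pwdfile.so pwdfile /var/spool/imap/imaps_users
account include common-account
password include common-password
session include common-session
""",
    "common-auth": "auth required pam_unix.so\n",  # ASSUMED content
    # Hypothetical stack that consults only the password file:
    "pwdfile-only": "auth required pam_pwdfile.so pwdfile /var/spool/imap/imaps_users\n",
}

def auth_stack(service, files=FILES):
    """Return [(control, module)] for the auth type, expanding 'include' lines."""
    stack = []
    for line in files[service].splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "auth":
            continue  # comments, blank lines, other module types
        if fields[1] == "include":
            stack += auth_stack(fields[2], files)
        else:
            stack.append((fields[1], fields[2]))
    return stack

def pam_authenticate(stack, module_ok):
    """module_ok maps module name -> True if that module accepts the password."""
    required_failed = any_ok = False
    for control, module in stack:
        ok = module_ok[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True          # success ends the stack early
            # a failing 'sufficient' module is ignored
        elif control in ("required", "requisite"):
            if ok:
                any_ok = True
            elif control == "requisite":
                return False         # fail immediately
            else:
                required_failed = True  # fail, but keep running the stack
        elif control == "optional":
            any_ok = any_ok or ok
    return any_ok and not required_failed

def login(service, typed):
    """typed: 'system' or 'pwdfile', i.e. which password the client sent."""
    outcome = {"pam_unix.so": typed == "system", "pam_pwdfile.so": typed == "pwdfile"}
    return pam_authenticate(auth_stack(service), outcome)
```

Under these assumptions, login("imap", "system") succeeds even though pam_pwdfile logs a wrong password, which matches the log lines above, while login("imap", "pwdfile") is refused because the required module from common-auth has already failed.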