Ban some users from accessing IMAP
Jason L Tibbitts III
tibbs at math.uh.edu
Mon Apr 28 12:18:30 EDT 2014
I have a pretty simple cyrus setup; I have a long-running 2.3.16 install
on RHEL5 (one day I'll update), with authentication handled by
cyrus-sasl 2.1.22 and everything authenticating to a kerberos server.
What I would like to do is ban some valid users from accessing IMAP.
We've had a rash of users falling victim to phishing attacks and would
like to simply prevent those users from any remote access. So they need
a valid kerberos principal in order to access desktops here, but would
lose IMAP access. (Need to ban remote SSH access as well, but that's
trivial with DenyGroups).
I know this probably isn't strictly a Cyrus IMAPd thing, but I figure
some folks must have run into this kind of requirement before. I
realize I also need to restrict SMTP logins as well, but that goes
through SASL and the Kerberos server as well so if the solution involves
either of those then perhaps I get it for free.
- J<
More information about the Info-cyrus
mailing list