Hello,
I have some server configured soas to allow both insecure POP/IMAP and
POP/IMAP over SSL. We are using UW IMAP and PAM for authentication.
What I would like to do is force *selected* users to only be allowed to login
via the SSL ports. I know I can do this by putting these people on a
different server and either blocking the insecure ports or compiling imap/pop
to only allow SSL; however, this is not an option.... they have to stay on
the same server as other users who do want to use insecure logins.
So,
* Is there some way to use different PAM files for SSL and non-SSL
connections? If so, we could use PAM-Listfile to allow or deny access on a
per-user basis.
* Are there other suggestions that are clean?
I suppose a "dirty" solution would be to hack the authentication part of
imapd to do a pam-listfile similar thing ... knowing if the login is using
SSL or not. However, I prefer to keep my IMAPd code as close as possible to
the source distribution.
Any suggestions are very welcome.
Thank you,
-Erik Kangas
--
Erik Kangas, Ph.D. --- President of Lux Scientiae, Incorporated
[EMAIL PROTECTED] --- http://luxsci.com
Office Phone: 1-617-507-2162
Cell Phone: 1-617-596-9558 P.O. Box 326
Luxsci Toll Free: 1-800-441-6612 Westwood, Massachusetts
LuxSci FAX: 1-413-332-0598 02090, USA
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
