[Imap-uw] denying logins

Mon, 09 Jul 2007 14:22:14 -0700 

Andy,
I'm looking for a method to disable imap/ipop logins, but not other acceess (i.e., still allow ssh, samba, etc). I'm thinking of using Andy's approach below (or perhaps, the opposite -- a group like 'nomail' and if they're not a member of the group, then allow login). Have you made any changes to your code below since implementing it? 

Or, does anyone have another method for denying IMAP and IPOP access?

Thanks...

Fred


--On June 6, 2007 10:36:02 AM -0700 Andy Lyttle <[EMAIL PROTECTED]> wrote:


OK, I've got something that seems to work!

I've added two lines to the pw_login() function in env_unix.c, so it
looks like this:

                                 /* make safe copies of user and home */
     if (user) user = cpystr (pw->pw_name);
     home = cpystr (home ? home : pw->pw_dir);
                                 /* user's primary group is "mailbox"? */
     if ((gr = getgrnam ("mailbox")) && (gr->gr_gid == pw->pw_gid))
                                 /* authorization ID .NE. authentication
ID? */
     if (user && auser && *auser && compare_cstring (auser,user)) {

Obviously if you wanted to make this general-purpose, you'd define the
group name to test somewhere else, and it may or may not be useful to
test secondary group membership instead of only looking at the primary
group.  But I think this works for me!

Thanks for your help.

~ Andy


On Jun 6, 2007, at 8:30 AM, Mark Crispin wrote:


On Wed, 6 Jun 2007, Andy Lyttle wrote:

What's the best way to configure imapd/ipop3d to deny user logins
unless the user is a member of a particular group?


The best routine to make such a check is pw_login() in env_unix.c.
Note the existing code that checks the list of mail administrators.

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.


_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw




Fred Seaton
Research & Instructional Consultant, Senior UNIX Specialist
University Computer Support Services
Western Illinois University
126 Stipes Hall
Macomb, IL  61455
309-298-1177

_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw






















					Reply via email to