Hi folks... I've just discovered some behaviour from our cyrus installation, which serves ~17000 student accounts, that I don't want.
We have a centralised LDAP directory containing all user accounts that have ever existed, which I have saslauthd authenticating against.

The problem I'm having is this: A user account that exists in LDAP, but not as a Cyrus mailbox, can be used to log in. The following should show this:

    mailserver:~# testsaslauthd -u auser -p rightpassword
    0: OK "Success."
    mailserver:~# testsaslauthd -u auser -p wrongpassword
    0: NO "authentication failed"
    mailserver:~# su -c "/usr/sbin/ctl_mboxlist -d" cyrus | \
        grep -q auser && echo "exists" || echo "doesn't exist"
    doesn't exist
    mailserver:~# echo ". logout" | imtest -a auser -w rightpassword localhost
    ...
    C: L01 LOGIN auser {..}
    S: + go ahead
    C: <omitted>
    S: L01 OK User logged in
    Authenticated.
    ...
    mailserver:~# echo ". logout" | imtest -a auser -w wrongpassword localhost
    ...
    C: L01 LOGIN auser {..}
    S: + go ahead
    C: <omitted>
    S: L01 NO Login failed: user not found
    Authentication failed. generic failure
    ...

Ok, I can accept that this is logical, in that a user doesn't need to have a mailbox to log in - they could conceivably be logging in to a server that requires authentication, purely to read a shared mailbox.

But, for our environment, we do actually want the situation where, when the user doesn't have a mailbox, their login attempts will fail.

Is this possible, and if so, any pointers to documentation? I've googled for about the last half hour, and found nothing that seems to match what I'm seeing here. If there is something, and I'm stupid, please point me in the direction I need to go... :)

Cheers,
Mike.

--
Mike Beattie <[EMAIL PROTECTED]>
UNIX Systems Engineer, ITS
Ph: +64 3 479 8597
Fax: +64 3 479 5080
Cell: +64 27 44 80386

* Opinions expressed are my own, not those of the University of Otago *
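
Added example (not part of the original post): a way to audit which accounts can authenticate but own no Cyrus INBOX, by comparing an exported list of account names with a saved ctl_mboxlist -d dump using an exact mailbox-name match rather than a substring grep. It assumes each dump line starts with the internal mailbox name user.<uid> followed by a tab; the function names, file layout and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: every line of a saved `ctl_mboxlist -d` dump begins with the
# internal mailbox name followed by a tab, and a personal INBOX is named
# user.<uid> (sub-folders are user.<uid>.<folder>).

# accounts_without_mailbox DUMP_FILE UID_FILE
#   DUMP_FILE: saved output of ctl_mboxlist -d
#   UID_FILE:  one account name per line (e.g. exported from LDAP)
# Prints every account name that has no top-level user.<uid> mailbox.
accounts_without_mailbox() {
    awk -F '\t' '
        mode == "dump" {
            # Only the first field is a mailbox name; later fields hold the
            # partition and ACL, which may mention other account names.
            if ($1 ~ "^user\\.[^.]+$") has_inbox[substr($1, 6)] = 1
            next
        }
        {
            uid = $0
            gsub(/^[ \t]+|[ \t]+$/, "", uid)
            if (uid != "" && !(uid in has_inbox)) print uid
        }
    ' mode=dump "$1" mode=uids "$2"
}

# Constructed sample data (not real server output). "auser" appears only as
# a substring of another mailbox name and inside an ACL, so a plain
# `grep auser` on the dump would match even though auser has no INBOX.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'user.lauser\t0 default\tlauser\tlrswipcda\t\n'       >  "$tmp/dump"
    printf 'user.bob\t0 default\tbob\tlrswipcda\tauser\tlrs\t\n' >> "$tmp/dump"
    printf 'user.bob.Sent\t0 default\tbob\tlrswipcda\t\n'        >> "$tmp/dump"
    printf 'auser\nbob\nlauser\n'                                >  "$tmp/uids"
    accounts_without_mailbox "$tmp/dump" "$tmp/uids"
    rm -rf "$tmp"
}

demo
```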