Hello,
I have a working setup of Postfix-Cyrus-Web-cyradm configured as per the
Web-cyradm HOWTO. I am quite happy with Web-cyradm, and many thanks for
the hard work devoted to this nice software.
As a measure of security, I would like to force users to change their
passwords periodically. For this, I installed the "Change SQL Password"
plugin of Squirrelmail and slightly modified the accountuser table by adding
one more field (force_change_pwd) at the end of the table. It works fine.
My problem is that the users use IMAP client software (mainly
Thunderbird) to access the Cyrus IMAP server. So, they can use their
mailboxes with the same old password as long as they use solely an IMAP
client other than Squirrelmail. As expected, the "Change SQL Password"
plugin does not force the users who opt not to use Squirrelmail.
My questions are:
1. Is there a way to block using an IMAP client (other than
Squirrelmail), say Thunderbird, as long as force_change_pwd in the
accountuser table is set to 1?
2. Is there another way to force a password change for Cyrus IMAP other
than the "Change SQL Password" plugin of Squirrelmail?
3. If there is no quick solution to this problem, how can I block all
the IMAP clients (Thunderbird, Outlook etc.) except Squirrelmail from
accessing the IMAP server?
4. Is there any other possible solution to this problem?
Thank you very much.
Regards,
Mufit
PS. cyrus.conf and imapd.conf of my setup attached
# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=5
  imapslocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
  sievelocal cmd="timsieved -C /etc/imapd-local.conf" listen="127.0.0.1:sieve" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
}
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" period=30
  delprune cmd="cyr_expire -E 3" at=0400
  tlsprune cmd="tls_prune" at=0400
}

postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
allowanonymouslogin: no
allowplaintext: no
#tls_require_cert: 1
sasl_minimum_layer: 128
servername: mail.example.com
autocreatequota: 200000
maxmessagesize: 0
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sendmail: /usr/sbin/sendmail
#hashimapspool: true
#unixhierarchysep: yes
tls_ca_file: /etc/pki/tls/certs/imapd.cert
tls_cert_file: /etc/pki/tls/certs/imapd.cert
tls_key_file: /etc/pki/tls/private/imapd.key
Web-cyradm mailing list
http://www.web-cyradm.org/mailman/listinfo/web-cyradm