On Fri, Dec 29, 2006 at 11:42:11PM -0500, Jim Bacon wrote:
> Why do you say it is easier to create the user accounts? I am trying to
> avoid creating a number of functional account names (i.e. sales, support,
> etc.) and have mailboxes only, without using aliases and such to send those
> to real people.

Because, when you have all of your users in one place, many other things work better. For example, with the proper mailer flags, sendmail will recognize all of them as local users.

> I am new to using PAM, how do you discriminate between full login and mail
> only with PAM?

PAM is extremely flexible. The best place in pam.conf to authorize users for different services is the Account management section. In a simple case, you only need a PAM module that consults a table of user names or group names.

Typically on an e-mail server, you'd want to authorize all users to read e-mail but only a few to log in to the server. So, you'd set up the PAM service names that Cyrus uses (cyrus, imap, pop, sieve) with no restriction in pam.conf, but the default service name (other) would invoke your new PAM module to restrict access.

On a different machine, say to provide shell access for all users, you'd set up a different PAM configuration.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
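
Added example, not part of the original message: a constructed pam.conf fragment for the split described above (mail services unrestricted, `other` gated), with a small Python check that the account stacks really implement it, including the fallback to `other` for services that have no account entries of their own. The gate module `pam_login_allow.so.1`, its `table=` option and the use of `pam_unix_account.so.1` (Solaris-style) are assumptions for illustration.

```python
import os

GATE = "pam_login_allow.so.1"  # hypothetical module: permits only names in its table

# Constructed pam.conf fragment: service  type  control  module  [options]
SAMPLE_PAM_CONF = """\
# Cyrus service names from the message: any valid account may read mail
cyrus  account  required   pam_unix_account.so.1
imap   account  required   pam_unix_account.so.1
pop    account  required   pam_unix_account.so.1
sieve  account  required   pam_unix_account.so.1
# every service without its own account entries falls back to "other"
other  account  requisite  pam_unix_account.so.1
other  account  required   pam_login_allow.so.1 table=/etc/login.allow
"""

def account_stacks(text):
    """Map service name -> ordered [(control, module basename)] for 'account' lines."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1].lower() == "account":
            entry = (fields[2].lower(), os.path.basename(fields[3]))
            stacks.setdefault(fields[0].lower(), []).append(entry)
    return stacks

def is_gated(stacks, service, gate=GATE):
    """True if the stack PAM would use for `service` must pass the gate module."""
    stack = stacks.get(service.lower()) or stacks.get("other", [])
    return any(mod == gate and ctl in ("required", "requisite") for ctl, mod in stack)

def audit(text, mail_services=("cyrus", "imap", "pop", "sieve")):
    """Return findings where the config departs from 'mail for all, login for few'."""
    stacks = account_stacks(text)
    findings = []
    if not is_gated(stacks, "other"):
        findings.append("other: gate missing; unlisted services admit every account")
    for svc in mail_services:
        if is_gated(stacks, svc):
            why = "explicitly gated" if svc in stacks else "inherits 'other'"
            findings.append(f"{svc}: {why}; mail-only users would be refused")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PAM_CONF) or "policy matches the intended split")
```

Dropping one of the mail service lines makes that service inherit the `other` stack, which is the failure the second test in `audit` reports.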