Patrick Boutilier schreef: > Paul van der Vlis wrote: >> Hello, >> >> A customer is using a system with a mailserver and a FTP-server on one >> machine. >> >> Now a FTP-user found out, that he can login with his FTP-username and >> password into the webmail (Horde/IMP), and send mail. >> >> FTP-users do not have a mailbox. Is there a way to make the >> authentication "not OK" for users without a mailbox? >> Or only "OK" for users who are member of a group? > > You should be able to use pam_require > (http://www.splitbrain.org/projects/pam_require). Make a group for your > mail users and put the users in that group. Then configure > /etc/pam.d/imap (or wherever your pam config is located) to use > pam_require to require that users that want to log into Cyrus be in that > group. It's a good idea and I can do it. But my distribution (Debian) does not support this pam-module, so I have no security support. But I found pam_group, part of libpam-modules. This seems to do what I want. With regards, Paul van der Vlis. -- http://www.vandervlis.nl/ ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
