Re: IMAPS with extra authorization.

On 21/07/10 21:07 +0200, Josef Karliak wrote:
>   All this procedure is because users have weak passwords, so we let them 
> in the company (using only IMAP), but if anybody wants to have IMAPS from 
> outside of the company (from home, etc...) we force him to create a strong 
> password and let IMAPS authorize by this file. And it is not allowed to 
> use anyone else's authorization from IMAPS... Question - is this possible 
> at all ? :)

Another approach is to take advantage of service specific sasl
configuration.

For instance, if you have cyrus.conf configuration like:

imap            cmd="imapd -U 30 -D" listen="imap" prefork=0 
imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 

Then you could create a default SASL configuration in /etc/imapd.conf of:

sasl_pwcheck_method: saslauthd
#sasl_saslauthd_path: <system dependent default>

and a service specific one (for imaps) of:

imaps_sasl_pwcheck_method: saslauthd
imaps_sasl_saslauthd_path: /var/chroot/var/run/saslauthd/mux

Then run two instances of saslauthd, where the first one authenticates via
your system pam libraries, and another instance runs inside a chrooted
environment (for instance), and authenticates to the pam libraries inside
of the chroot.

-- 
Dan White
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
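
The following is an added example, not part of the original post or of Cyrus itself: a small audit script that resolves which saslauthd backend each service name would use under the service-prefix override described in the reply, and flags the case where imaps falls back to the same backend as imap. The function names and the embedded sample configuration are constructed for illustration; treating an unset path as different from any explicit path is an assumption.

```python
# Added example: audit which saslauthd socket each Cyrus service resolves to.
# SAMPLE_IMAPD_CONF is constructed from the options quoted in the reply above.
SAMPLE_IMAPD_CONF = """\
sasl_pwcheck_method: saslauthd
#sasl_saslauthd_path: <system dependent default>
imaps_sasl_pwcheck_method: saslauthd
imaps_sasl_saslauthd_path: /var/chroot/var/run/saslauthd/mux
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip()] = value.strip()
    return opts

def effective(opts, service, option):
    """A '<service>_'-prefixed option overrides the global one.
    None means the option is unset and the library default applies."""
    return opts.get(f"{service}_{option}", opts.get(option))

def backend(opts, service):
    """(pwcheck method, saslauthd socket path) a service authenticates against."""
    return (effective(opts, service, "sasl_pwcheck_method"),
            effective(opts, service, "sasl_saslauthd_path"))

def audit(text, internal="imap", external="imaps"):
    """Return findings; an empty list means the two services are separated."""
    opts = parse_conf(text)
    findings = []
    if backend(opts, internal) == backend(opts, external):
        findings.append(f"{external} resolves to the same saslauthd backend as "
                        f"{internal}: weak internal passwords work from outside")
    # Assumption: an explicit path differs from the compiled-in default socket.
    return findings

if __name__ == "__main__":
    opts = parse_conf(SAMPLE_IMAPD_CONF)
    for svc in ("imap", "imaps"):
        print(svc, backend(opts, svc))
    print(audit(SAMPLE_IMAPD_CONF) or "OK: separate backends")
```
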


