similar to: nologin in auth proto version 1.1

Hi Kirill, Thanks for your reply. Such a simple flat file approach would be perfect, and I don't mind at all to require app specific usernames *and* passwords. However, I am unsure how to combine your recipe below with our regular AD userdb/passdb. Perhaps someone can give me some pointers in that direction? MJ On 07/20/2017 06:50 PM, Kirill Miazine wrote: > I'm not familiar

Hello, POP users often keep fetched mail on server, by checking for "leave mail on server" or similar option in their client. What would be the best way to disallow them using such approach. That is, what is the best way to force deletion of messages that have been RETRieved in a POP session at the end of that POP session? RETRieved messages will be marked as \Seen, but since users

Just a notice to those of you who use Dovecot authentication with Exim. In Dovecot 2.0 authentication server will send a new keyword, COOKIE. This will cause Exim to abort it's authentication request. I submitted a bug and patch to Exim to fix this, the patch is here: http://km.krot.org/code/exim-dovecot-1.1.diff BR, Kirill

2017-09-07 15:04 GMT+02:00 Sami Ketola <sami.ketola at dovecot.fi>: > > > On 7 Sep 2017, at 16.03, Antoine Nguyen <ngu.antoine at gmail.com> wrote: > > > > 2017-09-07 14:29 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > >> > >> > >> On 07.09.2017 15:26, Antoine Nguyen wrote: > >>> Hi all, > >>>

Hi, Further to the other thread about password guessing activities against our dovecot, I would like to implement application specific passwords on our dovecot. Googling results in some documents, but they are all a bit older: > https://www.happyassassin.net/2014/08/26/adding-application-specific-passwords-to-dovecot-when-using-system-user-accounts/ >

Hello, Dovecot auth protocol 1.0 defines differend command sets for client and master. How can a daemon distinguish a master connection from a client connection? Clients do send CPID and master does not. I have following auth configuration: auth external { socket connect { master { path = /var/state/dovecot/login/master-auth } } } I try to learn my authentication daemon to

I'm in process of moving away from Cyrus to Dovecot. I have my own authentication daemon working fine. It sets up two sockets: drwxr-x--- 2 root dovecot 512 Dec 7 21:07 /var/state/dovecot/login srw-rw-rw- 1 krot krot 0 Dec 7 21:07 /var/state/dovecot/login/sock drwx------ 2 krot wheel 512 Dec 7 21:07 /var/state/dovecot/master srw-rw-rw- 1 krot wheel 0 Dec 7 21:07

Hello, Still busy with details... Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not). Let's consider a suspended user "some.user". In the case of a successful authentication, one has: sh-3.2# doveadm auth test some.user goodpassword; echo $? passdb:

I am running Dovecot with system users (userdb passwd), but some of those users don't have shell accounts on the IMAP server so their shell on that machine is set to /usr/sbin/nologin. Currently I am using maildirs and this is not a problem, but I am in the process of switching to dbox which means I will need a cronjob running 'doveadm purge -A'. During testing I found that those

hi, the man page for sshd(1) says about /etc/nologin: "The file should be world-readable". However, nologin has no effect if it's not readable by the connecting user: if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ ... ... return(254) if root has a

My apologies if this has already been discussed. I looked through the mailing list archives and couldn't see any mention of this problem. I compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I

Hi, I would like to know if the pop3-login process would be create more than one while a user connection is established. http://wiki.dovecot.org/RunningDovecot ------------------------------------ imap-login and pop3-login processes handle new IMAP and POP3 connections until user has logged in. ------------------------------------ I'm sorry to ask you this kind of question... Regards,

On Thu, 10 Jan 2019 at 16:09, Kenneth Porter <shiva at sewingwitch.com> wrote: > I updated to CentOS 7.6 and something must have changed in the base OS > setup that prevents vsftpd from allowing logins for accounts with > /sbin/nologin as their shell. I had to add that to /etc/shells so that > such > accounts could FTP again. That file is in the setup package. Did it >

Hi developers, today I tried to disable logins to an ssh server by putting a nologin file into /etc. This only worked for logins that use the password authentication mechanism. publickey-based authentications still succeeded and the users were allowed into the system. This seems straightforward to me since openssh 4.3 disabled the evaluation of /etc/nologin in favour of pam_nologin but

How do I get IMAP+POP3 vs. LDA to use different user_query statements? The problem is that the input fields are different. IMAP/POP3 is an email address LDA is a username I have written a long statement to try and cater for both however it still only works 99% of the time, and the remaining 1% fails. The 1% that fails sees the mail being delivered to the wrong mbox. In this particular case

Hi at all, in our test environment, I'm playing with dovecot 2.1.13 configured as imap/pop/managesieve proxy. It is configured to authenticate users with ldap and it works very well. Now, I'd like to temporary disable some users's login, because we are moving to another storage, and I wouldn't stop imap service at all. I've found on Dovecot wiki that I could use

Hi, mj * mj [2017-07-20 13:29]: > Hi, > > Further to the other thread about password guessing activities against our > dovecot, I would like to implement application specific passwords on our > dovecot. [...] > > Is there anone here with some additional notes, ideas, tips, trics on > setting up application specific passwords with dovecot with virtual users? > We are

http://bugzilla.mindrot.org/show_bug.cgi?id=1045 Summary: Missing option for ignoring the /etc/nologin file Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

Hello everyone, I noticed recently that when I had /etc/nologin in place on my server I couldn't log in when I authenticated via passwords, but when I used RSA authentication I was able to log in no problem. I looked through the source, and I think I might see where the problem is. I have a Linux system, so sshd was compiled with PAM support. Using normal authentication, the pam_nologin

Hi. I'm using nologin with own reason [1]. That works fine. For example pop3 client gets nice message like "-ERR [AUTH] Account is locked. Please contact support." Unfortunately maillog lacks information details about why user was not allowed to log in. pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<testuser>, method=LOGIN, rip=1.1.1.1, lip=2.2.2.2,