similar to: Problem with using both pam_listfile to deny logins and pubkey authentication

hi all, i'm setting up Dovecot on OSX to use PAM authentication against a flat_file/static userdb (tho i will _eventually_ mv to pgsql ...). iiuc, to do so i need something like: =================================== (EDITOR) /etc/pam.d/dovecot.imap auth required pam_listfile.so item=user sense=allow file=/var/dovecot/imapusers onerr=fail =================================== for a userdb

We use samba 2.2.9 with winbind. We use winbind for authentication. I was able to selectively limit pop3 use among winbind users on redhat 9 with this pam configuration. (As you would use it in ftpusers, in the reverse sense.) auth required /lib/security/pam_listfile.so item=user onerr=fail sense=allow file=/etc/pop3users This is the best solution for my situation, and I want to have that on my

Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct

Hi, I'm trying to config dovecot to enable IMAP protocol only for certain IPs and users. The logical steps I've followed are: 1. If a user is trying to login from an IP that I've authorized ( listed in a file) the request is authorized. 2. If not, if the user is listed in a second file the request is authorized. 3. If also this check fails the request is rejected. I'm using PAM

I''m guessing this is a common use case, but I wasn''t able to find anything in the site FAQ. We''re looking at using Puppet on about 100 servers to control which user groups have access to which servers. The use case is as follows: We have Groups of servers, for example: CUSTOMERservers (serverA, serverB, ...,serverK) ADMINISTRATIVEservers

Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership.

Hi, I have a setup with Dovecot handling a few virtual domains delivering mails to both local Unix account mailboxes and seperate mailboxes for virtual users defined in a MySQL database. A quick overview of the configuration shows two passdb definitions: auth default { mechanisms = plain login passdb pam { args = dovecot } passdb sql { args = /etc/dovecot/dovecot-sql.conf }

I'd like to toss a feature request on the table for consideration. We currently use a different popd because of a feature that allows us to restrict pop access based upon an allowed users list. This is the only thing that keeps us from using the popd in dovecot currently. It's a simple text file of usernames that are allowed to use pop, if the name isn't in that list then pop

Hello. Tried search, no luck, sorry, if this is already answered, but I'm still looking a solution using pam_auth how to define in dovecot which user can access which protocol, for example, default is: protocols = pop3 pop3s imap imaps I'd like to use something like this: exclude_using_pop = user1, user2, @group exclude_using_pops = user1, user2, @group exclude_using_imap = user1,

Hi, My primary work computer (on which I have no sudo privileges) is running Debian jessie. For various reasons I need to compile R in my personal directory rather than using the site-wide install. On 2013-12-20 the sysadmin ran apt-get upgrade, and now any R that I compile errors when I try to use X11 fonts: > plot(1:10) Error in axis(side = side, at = at, labels = labels, ...) :

Here's what I'd like. Limited master users, where someone can be a master users for some domains but not others. I think I could do what I want with the right kinds of variable passing that doesn't yet exist. Let me see if I can explain clearly. From the example in the wiki: auth_master_user_separator = * passdb { driver = sql args = /etc/dovecot/dovecot-sql-master.conf.ext

Hi, here I'm sending the information regarding to my contribution: 1) My UserName: LuisVivero 2) What I want to contribute: I have created a manual called "C?mo Instalar CentOS Directory Server en CentOS 5" (that means "how to install CentOS Directory Server on CentOS 5") , that contains all the steps to install, configure and perform a basic test over the server. 3)

hello, in which way do you login ? loginuser*masteruser or just masteruser? You have to do the login with loginuser*masteruser masterpass greetings dominik Am Freitag, den 29.05.2015, 10:14 -0400 schrieb Charles Marcus: > Apologies - maybe doveconf -n shows a hint at the problem? > > Maybe it has to do with I'm using the default_realm? But I've tried > adding the user as

Hi folks, I can't seem to log into my system via vsftpd. All other services using PAM are fine...Am I missing something simple? ftp> user (username) user 331 Please specify the password. Password: 530 Login incorrect. # getenforce Permissive here is the event in /var/log/audit/audit.log: type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0

Hello, I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them knowing there own IP I imagine a special mailbox/loginuser at the pop3 server. That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information. Has anybody done

Hi, I have tested the current snapshot portable release (dated Jan 9 2004). configuration has: UsePAM yes PasswordAuthentication no ChallengeResponseAuthentication yes UsePrivilegeSeparation yes two problems: first pam_motd does not work anymore. second, I needed a quick way to disable normal user logins without disabling admin accounts (members of group wheel). the best option i could come

Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards,

I would like disable password authentication in sshd for particular users, without locking their UNIX password, and without requiring all users to use PubkeyAuthentication. I cannot find a documented way to accomplish this in OpenSSH. Is it currently possible? If not, I think this would be a very useful feature to add. I believe that each user should have some control of which authentication

Hello! I was wondering if it possible now (or possible to implement something like that in the future) that the daemon does only accept connections if a specific file is present at the moment of the connection request. I want to achieve that a connection to my server is only possible if I plug in e.g. an USB stick (which would contain the file) and is always rejected if that

I am using SSSD to get user AUTH from a backend Samba4 AD/DC. For Linux clients sssd.conf is configured to query Samba4 AD based on LDAP/Kerberos i.e. the Linux clients have not done a Domain join. Physical console logins -- things are working fine with changes to NSS and PAM (tool authconfig) for domain User AUTH on Linux and Windows clients. However, I want to restrict access to certain