similar to: About the "nologin" extra field

Hello, Still busy with details... Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not). Let's consider a suspended user "some.user". In the case of a successful authentication, one has: sh-3.2# doveadm auth test some.user goodpassword; echo $? passdb:

Hi everyone, first post to the list, be gentle with me! Perhaps I'm missing something here, but it appears to me that many password database extra fields currently aren't much use inside SQL queries? All boolean fields like nologin/nodelay/nopassword are set if the column is present in the returned query, regardless of value (including NULL) For example, say you have a query like:

Hi at all, in our test environment, I'm playing with dovecot 2.1.13 configured as imap/pop/managesieve proxy. It is configured to authenticate users with ldap and it works very well. Now, I'd like to temporary disable some users's login, because we are moving to another storage, and I wouldn't stop imap service at all. I've found on Dovecot wiki that I could use

Hi, I've tried to use the "nologin" extra password-db field as specified here: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/NoLogin Due to lack of exact documentation, I've tried to use `nologin`='y' for users that can't login, and setting `nologin`='n' for normal users. Apparently setting it to NULL for normal users would have been correct, as

Hello list, Still need your help configuring proxy infrastructure. Today, I really struggle configuring master passwords forwarding. What I want: master user can connect to any other account, on proxy. Could please somebody help me, I read both articles about this on wiki, but still can't connect :( What I did: on proxy: auth_master_user_separator=* passdb sql { args =

Hi, I'm not sure if I should be posting this question here or on the Postfix mailing list, but I'll start here. When using Dovecot SASL with Postfix, is there a way to return a login-failed reason in the SMTP AUTH dialog using "nologin", similar to the way it can be done with Dovecot IMAP and POP? Details: I have a Dovecot authentication-only daemon working with a Postfix

When using proxy_maybe CRAM-MD5 authentication fails when the connection is proxied. Is this expected behavior? Is proxy_maybe too simplified for this case? We're using SQL so I could rewrite the query with IFs to fake proxy_maybe and return the password as NULL and nologin as Y, but if it works that way couldn't it work with proxy_maybe? This works: password_query = \ SELECT NULL AS

Here's a patch for a feature I'm used to having in the old commercial ssh. It checks for usernames the file /etc/nologin.allow when /etc/nologin is in place, and lets the users mentioned in /etc/nologin.allow in regardless of /etc/nologin. This is very usefull for remote administration of servers. Please consider applying this. -jf -------------- next part -------------- ---

Per Timo's direction, I decided to give the MasterUser a try in connecting my proxy to my destination server. This might allow for the use of 'secure password' for my clients that like to check that box by default. A couple of problems I'm running into running RC15: #1: My Proxy's SQL password_query line: password_query = SELECT a.clearpasswd AS password, v.storeIP AS host,

Attached is a patch to be applied with GNU patch -p0, notice that configure needs to be regenerated. The patch addresses the following annoyances: * On AIX there is a signal called SIGDANGER which is sent to all processes when the machine runs low on virtual memory. This patch makes sure that this signal is ignored, because the default on older AIX releases is to kill the running process

Hello everyone, I noticed recently that when I had /etc/nologin in place on my server I couldn't log in when I authenticated via passwords, but when I used RSA authentication I was able to log in no problem. I looked through the source, and I think I might see where the problem is. I have a Linux system, so sshd was compiled with PAM support. Using normal authentication, the pam_nologin

hi, the man page for sshd(1) says about /etc/nologin: "The file should be world-readable". However, nologin has no effect if it's not readable by the connecting user: if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ ... ... return(254) if root has a

I notice that the nologin parameter for the AUTH command is gone in version 1.1 of Dovecot Authentication Protocol. nologin was added in 1.1, so that authentication client could indicate that there will be no subsequent master requests to retrieve user info. Could we have nologin back please? Kirill

I am running Dovecot with system users (userdb passwd), but some of those users don't have shell accounts on the IMAP server so their shell on that machine is set to /usr/sbin/nologin. Currently I am using maildirs and this is not a problem, but I am in the process of switching to dbox which means I will need a cronjob running 'doveadm purge -A'. During testing I found that those

My apologies if this has already been discussed. I looked through the mailing list archives and couldn't see any mention of this problem. I compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I

On Thu, 10 Jan 2019 at 16:09, Kenneth Porter <shiva at sewingwitch.com> wrote: > I updated to CentOS 7.6 and something must have changed in the base OS > setup that prevents vsftpd from allowing logins for accounts with > /sbin/nologin as their shell. I had to add that to /etc/shells so that > such > accounts could FTP again. That file is in the setup package. Did it >

--On Thursday, January 10, 2019 4:17 PM -0500 Stephen John Smoogen <smooge at gmail.com> wrote: > So I think this is a side effect of a long term argument of the security > nature of /sbin/nologin > > https://serverfault.com/questions/328395/nologin-in-etc-shells-is-dangero > us-why > https://lists.fedoraproject.org/archives/list/devel at lists.fedoraproject.o >

I'm seeing a problem under AIX (4.3.3, 5.1, 5.2) very similar to bug #178. It occurs with both 3.6.1p1 and openssh-SNAP-20030910. If /etc/nologin is present, a session requesting a pty will hang, apparently when the sshd parent tries to close the pty slave. As in bug #178, adding a brief sleep to the child sshd anytime after the fork seems to clear up the problem (though I agree that this

Hello, In the past (older dovecot versions) I've tuned the SQL "password_query" of our mail server so that when the user has the account blocked for some reason (expired, need password change, etc.) the query returns nologin=1 and a verbose reason like reason="Your account is expired please change the password" and it worked very well with IMAP clients. I'm now

http://bugzilla.mindrot.org/show_bug.cgi?id=178 Summary: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug Product: Portable OpenSSH Version: 3.1p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: