similar to: Different classes of user

I read the clear-as-mud docs, and it appears that if we want to modify system-auth-ac, we can create a local, and point system-auth to it. Howver.. in the default, I see auth [success=3 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid Now, we'd like to add sudo to that list. Does anyone know *where* authconfig

Hi, although dovecot is great and almost exactly solving my problems and fitting my requirements, there is an odd detail that causes me problems: The %c variable. (See http://wiki2.dovecot.org/Variables ) I'm managing an IMAP server for an association, which is connected to an LDAP server. Users can connect in three ways: IMAPS from the internet, IMAP from local acccounts, and IMAP

Hello, having difficulty setting up a 'secure-only' service on a non-standard port. Objective is to open a secure Dovecot service on an internet-visible port, while also using an insecure service for hosts on an internal network (so that one particular client which is not SSL/TLS-capable can continue to use the service). Checking wiki1 and wiki2, I think that port 143 can be used for a

Good time of the day! It is possible to setup dovecot with different requirements for SSL and non-SSL protocols? What would I like to do: pop3/imap non-SSL = allowed plain text authentication. pop3/imap with SSL = allowed plain text authentication with required valid SSL certificates. I need to allow access from any IP address for first group of users, which have valid SSL certificates. And

On 02 Feb 2016, at 13:09, Haravikk <dovecot at haravikk.me> wrote: > > So I still haven?t found a way to require client certificates only for port 993/IMAPS while leaving unencrypted IMAP open for local, trusted, services. > > Is there really no way to do this? I just found out how to do the same thing for postfix (turns out it?s fairly easy, just a matter of adding the

Hello list we encounter a weird SSL issue with one of our dovecot (2.2.24 on Centos6) which we can only explain if our assumtion is correct Symptoms are that imaps connections (on port 993) suddenly get veeeery slow. Up to 180s for one connection with openssl s_client The thing we do not understand is that in the same time imap connections with starttls are just 1s. We can see that entropy on the

On Sat, May 30, 2015 at 10:38 AM, Phil Pennock <phil.pennock at globnix.org> wrote: > On 2015-05-30 at 15:00 +0200, Kasper Dupont wrote: >> On my laptop I have key1 and key2. I can use key1 to log in >> on server1, and I can use key2 to log in on server2. I want >> neither key to leave the laptop, and only key2 is allowed >> to be forwarded to other hosts. >

On 12/06/2014 02:35 AM, Nick Edwards wrote: > On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: >> Hello, >> >> I am wondering which variant is more secure for user authentication and >> password scheme. Basically I am looking at both variants: >> >> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism >> 2) SHA512-CRYPT password

On Mon, 2024-03-04 at 20:10 -0500, Tygre via samba wrote: > Hi there, > I have looked for a solution to my problem on the Internet (and > in particular this mailing list), but couldn't find one, probably due > to searching for the wrong thing :-) > I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" > shows that the user "smbuser" exists. I

On Fri, 2020-10-30 at 15:21 +0100, Norbert Hanke via samba wrote: > On 29.10.2020 18:27, Tom Diehl via samba wrote: > > > > Maybe I am missing something, but what is the secure way to run an > > automated > > backup on recent versions of samba? Can samba-tool domain backup be > > made to use > > kerberos so I do not need to store an admin password in an >

Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this? Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in

Hello everyone, I'm trying to mount a CIFS share served by Windows 10 Samba with encryption. On the Windows server side, I made a regular share and told Windows via Powershell command Set-SmbServerConfiguration -EncryptData 1 to encrypt the data if possible, and via Set-SmbServerConfiguration -RejectUnencryptedAccess 1 to reject unencrypted connections instead of negotiating an unencrypted

Hi there, I have looked for a solution to my problem on the Internet (and in particular this mailing list), but couldn't find one, probably due to searching for the wrong thing :-) I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" shows that the user "smbuser" exists. I used "smbpassword" to set the password of "smbuser". I also have

Anyone got any experience/suggestions for a way to store a directory of sensitive information on a CentOS box? This directory contains many scripts and output files, I need it backed up but not unencrypted and don't want to store it in a tar file type archive as when it needs to be accessed and have scripts executed/data generated, it needs to be untarred/unencrypted and I don't know the

Hi, Is it possible to configure Dovecot to reject mail that is not encrypted. In other words: 1. If the user tries to send an unencrypted message from their MUA, the server rejects it. 2. If a third-party tries to send an unencrypted message to the user, the server rejects it. The end result would be that no mail stored on the server can be decrypted by the administrator. I am aware that: *

Hello, we migrate from Samba 2.2 to Samba 3.020b. We have the problem now, that some clients can not connect to the Samba Server. In the log there are messages like that: [2006/02/23 08:49:20, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/23 08:49:20, 2] auth/pampass.c:smb_pam_auth(514)

Hello, I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5 and the following configuration: # 1.0.7: /etc/dovecot.conf protocols: pop3 login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/pop3-login mail_location: mbox:~/mail:INBOX=/var/mail/%u mail_executable: /usr/libexec/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/pop3

I?m using dovecot to provide encrypted IMAP e-mail support for remote clients and it?s working great. However, I also need to set up a webmail front-end (Roundcube), which I?m hoping to have use unencrypted IMAP on port 143 (as only port 993 is available externally). The problem I?m running into is that I want to require client certificate authentication on port 993, but dovecot is apparently

Hello, I'm running dovecot 1.0-0_12.beta8. Since I have only a very small number of user on that server, I have their names and password in text files, no databases. imap works both via webmail and via Kmail Is it possible to have, for the same user, a plain unencrypted password when connecting via imap on the local interface (needed, as I understand it, to be squirrelmail compatible) and a

Hello, When I add "server signing = mandatory" to my smb.conf file (AIX V6.1, 6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords = no", my windows client no longer can connect. It fails with system error 64. The windows system is running XP vers 2002 with service pack 3. The security settings are set to: Microsoft network client: Digitally sign communications