On 01/-10/-28163 02:59 PM, Gaby L wrote:
> Hi
> Please help me with a little PAM problem with courier-authlib.
>
> The system is CentOS 5.3 with courier-imap 4.10 and courier-authlib 0.63.
> I want to filter pop3 access (authenticate with PAM) with
> /etc/security/access.conf
> After adding in
> /etc/pam.d/pop3 file account required pam_access.so
> it works correctly, but using a valid IP address/mask in access.conf
> does not work.
> If I replace the IP address with ALL it works correctly.
>
> Ex
> - : gaby : 192.168.3.0/24 does not restrict user gaby from the 192.168.3.0
> network; this option is ignored
> Any IP in this format is ignored
>
> The secure log report:
>
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): line 116: - :
> gaby : 192.168.3.0/24
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): user_match:
> tok=gaby, item=gaby
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): string_match:
> tok=gaby, item=gaby
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): user_match=1,
> "gaby"
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): from_match:
> tok=192.168.3.0/24, item=pop3
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): string_match:
> tok=192.168.3.0/24, item=pop3
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account):
> network_netmask_match: tok=192.168.3.0/24, item=pop3
> Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): from_match=0,
> "pop3"
>
> If I use ALL instead of an IP, then the restriction is functional.
>
> What is the problem? CentOS, PAM settings, Courier-authlib?
>
> What is another simple method to restrict user/IP for courier-imap services?
> Please help me
> Thanks Gaby

Hey, it's somewhat hard to connect courier-authlib with other auth
systems (PAM, /etc/passwd, etc.). courier-authlib doesn't do much of
that. Although you expect it to, courier-auth just does auth for user
accounts, locating vmail 'MailDirs', and giving perms so that the
mail/websystem knows what perms to access users' mails with.

That sounds like you will need a filter to mangle that functionality. 
All courier-authlib does is enumeration (or what everybody else calls 
authentication, see http://www.courier-mta.org/authlib/ -- first half of 
the page). All that fancy stuff you want to do there it doesn't do. You 
will have to use some filter. Most of Courier's functionality is done 
via filters and pipes.

Or you may have to tell PAM to only auth users from 
/etc/security/access.conf

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
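
An added example, not part of either message and not code from courier-authlib or Linux-PAM: a Python check over the pam_access debug lines quoted above that flags each `from_match` where an address/mask token is compared against an item that is not an IP address. In the quoted log the item is `pop3`, the service name from the `pam_access(pop3:account)` prefix, so the network rule has no client address to match; the function names are hypothetical and the sample lines are rejoined from the wrapped excerpt.

```python
import ipaddress
import re

# Constructed sample: three lines rejoined from the wrapped log in the post.
SAMPLE_LOG = """\
Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): user_match=1, "gaby"
Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): from_match: tok=192.168.3.0/24, item=pop3
Dec 6 13:13:48 mail authdaemond: pam_access(pop3:account): from_match=0, "pop3"
"""

# Matches the "from_match: tok=..., item=..." debug line and its service name.
FROM_MATCH = re.compile(
    r"pam_access\((?P<service>[^:)]+):account\): from_match: "
    r"tok=(?P<tok>[^,\s]+), item=(?P<item>\S+)"
)

def is_address(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def is_network(value):
    """True if value is an address/mask token such as 192.168.3.0/24."""
    try:
        ipaddress.ip_network(value, strict=False)
        return "/" in value
    except ValueError:
        return False

def audit(log_text):
    """Return (tok, item, reason) for network rules tested against a non-address."""
    findings = []
    for line in log_text.splitlines():
        m = FROM_MATCH.search(line)
        if not m or not is_network(m["tok"]) or is_address(m["item"]):
            continue
        same = m["item"] == m["service"]
        reason = "origin is the service name" if same else "origin is not an address"
        findings.append((m["tok"], m["item"], reason))
    return findings

def would_match(tok, client_ip):
    """What the rule would decide if a client address were the origin."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(tok, strict=False)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG), would_match("192.168.3.0/24", "192.168.3.17"))
```

A finding here means the module was never handed a remote address for that login; pam_access takes the origin from the PAM_RHOST item, so the rule itself can be well-formed and still never apply.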
