On 5.2.2012, at 18.53, [email protected] wrote: > we are searching for a possibility to configure a user login on behalf of > another user with a PAM backend. This reminds to the behavior of a master > user. But a master user can access the mailboxes of all users. We need this > more restricted.
Master user doesn't necessarily have access to all users' mailboxes. In the passdb lookup you can decide if this master user is allowed to be this destination user. For example if you used passdb checkpassword, you could look at USER and MASTER_USER environment variables to figure out if this combination should be allowed or not. The checkpassword script can also do the actual authentication via PAM (I'd think there's a way to call it somehow).
