Hi
I'm very new to popper; I just set up sendmail and qpopper (newest
release 4) on my SuSE Linux and after some hours of trying I got it
to do what I want it to...
I enabled PAM for authentication and my additional request was to only
allow specific groups to POP since I want to limit everything on my box
to just those users who really need it....
After some reading of the PAM docs I wrote my own /etc/pam.d/pop3:

    account  requisite /lib/security/pam_unix.so no_warn
    auth     requisite /lib/security/pam_unix.so no_warn
    auth     requisite /lib/security/pam_listfile.so \
             onerr=fail item=group sense=allow \
             file=/etc/mail/qpopper.groups.allow
    password requisite /lib/security/pam_unix.so use_authtok md5 no_warn
    session  requisite /lib/security/pam_unix.so no_warn

This does exactly what I want, BUT I hate those ugly PAM-Errors getting
to the POP3-Client when there's no success!
What I'd like to have:

valid user, valid password, user is allowed to login:
  as it is now, PAM says nothing, user is logged in with a short message
  from qpopper

invalid user OR invalid password (user not allowed to login):
  now: PAM gives two DIFFERENT errors when trying to login with a blocked
  but existing user and when trying to login with a nonexistent user (I
  don't want this enumeration possibility).
  What I'd like: QPOPPER gives an error like "Access denied" or some
  other general deny-warning and there's NO line like:

    -ERR [AUTH] PAM authentication failed for user "mindblow.ch": Authentication failure (7)
    (blocked user or allowed user with wrong pass)

    -ERR [AUTH] Password supplied for "kasldkd" is incorrect.
    (nonexistent user)

Any idea how this could be done? Perhaps it's also a PAM Issue but I now
only understand the very basics of PAM so I didn't find any further
options....
Thanks a lot!!
Matt
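
The enumeration concern in the message above, as an added example that is not part of the original post or of qpopper: a small offline check that takes the failure replies a POP3 server gives for each class of account and reports whether a client can tell the classes apart. The two sample replies are the ones quoted in the message; `GENERIC_REPLY`, the class names and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the two failure replies quoted in the message, keyed by
# the kind of account that was tried. The wrapped first reply is joined here.
SAMPLE_REPLIES = {
    "blocked_or_wrong_pass": '-ERR [AUTH] PAM authentication failed for user '
                             '"mindblow.ch": Authentication failure (7)',
    "nonexistent_user": '-ERR [AUTH] Password supplied for "kasldkd" is incorrect.',
}

GENERIC_REPLY = "-ERR [AUTH] Access denied"  # hypothetical uniform wording


def normalize(reply):
    """Strip the parts that legitimately vary per attempt (quoted user name,
    numeric code, whitespace, case) so only the message template remains."""
    text = reply.strip()
    text = re.sub(r'"[^"]*"', '"<user>"', text)
    text = re.sub(r"\(\d+\)", "(<code>)", text)
    text = re.sub(r"\s+", " ", text)
    return text.lower()


def enumeration_report(replies):
    """Group account classes by normalized failure template.
    More than one group means the reply reveals which class was hit."""
    groups = {}
    for account_class, reply in replies.items():
        if not reply.startswith("-ERR"):
            raise ValueError(f"not a POP3 failure reply: {reply!r}")
        groups.setdefault(normalize(reply), []).append(account_class)
    return {"distinguishable": len(groups) > 1, "templates": groups}


def uniform(replies, generic=GENERIC_REPLY):
    """The behaviour asked for: every failure class mapped to one reply."""
    return {account_class: generic for account_class in replies}


if __name__ == "__main__":
    before = enumeration_report(SAMPLE_REPLIES)
    after = enumeration_report(uniform(SAMPLE_REPLIES))
    print("as quoted:", before["distinguishable"], list(before["templates"]))
    print("generic  :", after["distinguishable"], list(after["templates"]))
```

Replies that differ only in the quoted user name normalize to the same template, so the check flags differences in wording rather than in the name that was tried.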