> >>The daemon MUST require all connections to be authenticated, preferably
> >>against the vpopmail user base.
> >>
> >>user rwidmer                                      ok
> >>password mypassword                               ok
> >
> >
> > This is only slightly related to Rick's comments (which I think are very
> > good by the way), but when he says "against the vpopmail user base"
exactly
> > what user base is he referring to?  In his example, where is the
"rwidmer"
> > user information stored?  Is this something related to how qmailadmin
(which
> > I know the least about re: vpopmail) does authentication?
>
> By 'against the vpopmail user base', I mean the mail users in vpopmail.
> There should also be a group of users that don't get email, but have
> rights to every domain on the system.   This could be accomplished by
> having a 'domain' that is not legal, like 'system.admins'.  I am pretty
> sure vpopmail will allow you to create such a domain, but DNS won't
> allow it to receive mail.  A proper system admin login would look like
this:
>
> user [EMAIL PROTECTED]
> password mypassword
+1 That is very good idea.


> Any user within vopomail should be able to login and do actions
> appropriate to assigned capabilities.  Other than the system.admins
> domain the rules are already built into vpopmail.  If you are a member
> of the system.admins domain, you have the right to create and delete
> domains, and full access to manage any domain on the system.
>
> It might be good to create system.admins domain and
> [EMAIL PROTECTED] user when the vpopmail daemon is installed.
> This user would be similar to root in the operating system.  You could
> then use the daemon to create the rest of your mail system.

A step forward: using pw_gid [EMAIL PROTECTED] could have different level
of access to system administration.

Solt

Reply via email to