Re: using LDAP as a configuration/user management backend

>>>>> "martin" == martin f krafft <madduck@debian.org> writes:


>> only way I can think of to have separate users is to set the 'mail
>> only' accounts to have a shell of /dev/null. Or perhaps something
>> else like /usr/local/bin/bash, and only make /usr/local/bin/bash
>> available on those systems which you want these users to login
>> to. the rest of the systems would have no such file.

martin> this sounds like a very inflexible hack. i suppose i could
martin> somehow tweak pam_ldap or an sql pam module to do this...

Looking at my pam_ldap file, I see this option:

# The distinguished name of the search base.
base dc=uhoreg,dc=ca

I haven't fiddled with it, but I assume that it would allow you to use a
subtree of your LDAP directory.  I suppose that other LDAP-based
authentication modules would have similar options.


martin> Mainly because I want people who don't know what a shell is
martin> (about 85% of the users) to have a simple web frontend for
martin> configuration. And before I make modules for .forward and
martin> modules for .spamassassin, i'd much rather just give them their
martin> LDAP subtree for complete access. it scales better.

Why not just use something like usermin-forward?  (I don't know of a
usermin module for spamassassin, though.)  It's in unstable, and I
assume it should be in testing by now, but I think it came out after

I think that setting up a web-based front end would be easier than
trying to coax various programs to read the LDAP tree.

Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
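
The following is an added example, not part of the original message and not pam_ldap code. It models what a per-host search base would do if it behaves as assumed in the message: a host only finds accounts whose DN lies under its configured base. The ou=shell and ou=mailonly containers and the account names are hypothetical; the DNs are compared RDN by RDN because plain string suffix matching misjudges case variants and escaped commas.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) RDNs.

    Simplified: no multi-valued RDNs or hex escapes; matching is
    case-insensitive, as it is for dc, ou and uid.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def visible_accounts(accounts, base_dn):
    """Account names a host configured with this search base would find."""
    return sorted(u for u, dn in accounts.items() if in_subtree(dn, base_dn))

# Constructed sample directory; container and account names are hypothetical.
ACCOUNTS = {
    "alice": "uid=alice,ou=shell,dc=uhoreg,dc=ca",
    "bob": "uid=bob,ou=mailonly,dc=uhoreg,dc=ca",
    # Same subtree as alice, written with different case and spacing.
    "carol": "UID=carol, OU=Shell, DC=uhoreg, DC=ca",
    # Escaped comma: a single RDN directly under the root, NOT under ou=shell.
    "dave": "uid=dave\\,ou=shell,dc=uhoreg,dc=ca",
}

SHELL_HOST_BASE = "ou=shell,dc=uhoreg,dc=ca"  # base on a login host
MAIL_HOST_BASE = "dc=uhoreg,dc=ca"            # base on the mail host

if __name__ == "__main__":
    for label, base in (("shell host", SHELL_HOST_BASE),
                        ("mail host", MAIL_HOST_BASE)):
        print(label, visible_accounts(ACCOUNTS, base))
```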
