Re: Mailserver with accounts seperated from unix-accounts
On Mon, 24 Sep 2001, mdxi wrote:
> On Monday, September 24, 2001, at 03:06 , Erik Tews wrote:
>
> > I would like to have the mail-accounts seperated from
> > the normal unix-accounts.
>
> Me too.
>
> It seems that this:
>
> * Mailserver with non-system passwords
> * SMTP-AUTH to allow relaying by people anywhere
> * Sharing authentication between SMTP and IMAP server
>
> is the "HELP I CANT GET PPP WORKING" of the new millennium, which is to
> say that everyone wants it, but no distro seems to support it easily *and*
> there are no decent docs.
What level of separation do you want?
My /etc/{passwd,shadow,group,gshadow} lists *ONLY* Debian supplied
users. All other user information is stored in a LDAP database.
In the LDAP entries, some are marked for logon access, some for mail,
and I can restrict users to certain machines... All with standard
OpenLDAP, Pam, ssh, sendmail, etc.
When users authenticate using a plain password, /etc/sasldb is
automagically updated to have cram-md5, etc. passwords so subsequent
authentication can be more secure.
Local machines (localhost, localnets) need not authenticate, but remote
users must use SMTP AUTH and/or STARTTLS to send mail (pop-before-mail
is a gross hack imnsho).
> Mail servers in general seem to be the deepest magic on a Unix box, and
> they all seems to have configuration systems which were designed to be
> antagonistic even towards people who can handle any other administration
> task while driving, brushing their teeth, and having sex.
;-)
> So I second this emotion. Can someone please write a cookbook style
> document for how to achieve the above configuration? Perhaps one using
> userdb and one using an sql database. I would be happy to do it myself but
> I've been banging my head against my keyboard for the past 4 days trying
> to get this very thing working.
There are a few folk here who could help with LDAP...
> My apologies if I'm way off base; all suggestions gratefully accepted.
--
Rick Nelson
<Sanaya> you guys are all sick! sick sick sick I tell ya ;)
Reply to: