Re: best way to create pop only accounts

To: debian-security@lists.debian.org
Subject: Re: best way to create pop only accounts
From: Emmanuel Lacour <elacour@easter-eggs.com>
Date: Mon, 11 Mar 2002 18:30:04 +0100
Message-id: <[🔎] 20020311173004.GA11812@easter-eggs.com>
In-reply-to: <[🔎] 20020311161009.A11951@rhwd.owl.de>
References: <[🔎] 20020311122145.GA1718@mantis.autsens.localnet> <[🔎] 20020311144018.GD28906@dat.etsit.upm.es> <[🔎] 20020311161009.A11951@rhwd.owl.de>

On Mon, Mar 11, 2002 at 04:10:10PM +0100, Alexander Reelsen wrote:
> Hiya
> 
> On Mon, Mar 11, 2002 at 03:40:18PM +0100, Javier Fernández-Sanguino Peña wrote:
> > On Mon, Mar 11, 2002 at 09:21:45AM -0300, Pedro Zorzenon Neto wrote:
> > >    Which is the best way to create a POP only account? just change the
> > > last field in /etc/passwd to /bin/false?
> > 	No. My 2 cents (of Euro): use a directory for POP authentication
> > using the appropiate PAM modules, you could easily setup LDAP for this and
> > there are quite a number of POP3 daemons that provide LDAP schemas which
> > can be readily used in, for example, OpenLDAP.
> PAM is definately the way to go here. You can use the debian packages of
> for example your popdeamon-of-choice and just install the backend yourself
> (if you need to). Doing this via LDAP is a neat way, but you could also do
> the authentication and/or storing of all the mail via MySQL.
> 
> I bet you are already using PAM to authenticate via /etc/passwd, you're
> just not realize this :-)
> 
> Check out the (not always easy to read) documentation about PAM, however
> it's worth a read.
> 

The main important documentation is the one that comes with the modules
(libpam-ldap,libpam-mysql...) which I think is no so hard to read.

One trick about this, you can easly manage services accessed by your users by inserting where
tags in pam or other software configs. A quick example overview for mysql:

Table user:

(user_id,user_name,realname,shell,password,uid,gid,homedir,sys,pop,imap,ftp)


and respectively use the following in

/etc/pam.d/imap

where=imap=1

/etc/pam.d/qpopper

where=pop=1

/etc/nss-mysql*.conf

users.where_clause = user.sys = 1;

/etc/proftpd.conf

SQLWhereClause "ftp=1"


So if one of the precedents tags are equal to 0 ... user can't use the
service.

Regards,


Manu.

-- 
Easter-eggs                                Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com   -    http://www.easter-eggs.com

Attachment: pgpDJbnMj9nQb.pgp
Description: PGP signature

Reply to:

References:
- best way to create pop only accounts
  - From: Pedro Zorzenon Neto <pzn@terra.com.br>
- Re: best way to create pop only accounts
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: best way to create pop only accounts
  - From: Alexander Reelsen <ref@tretmine.org>

Prev by Date: Re: Ssh and others compiled with tcpwrappers (Re: ssh without reverse DNS lookup)
Next by Date: Re: rootkit detection
Previous by thread: Re: best way to create pop only accounts
Next by thread: Re: best way to create pop only accounts
Index(es):
- Date
- Thread