Hi all,

What I'm trying to achieve is:

An IMAP server installation which will allow logins from certain
usernames only, unless they connect from Webmail (local machine) in which
case any user is allowed.

I've been playing around with a number of ways of doing this, and I've got
the username-only aspect working fine, but I've hit a block getting
'rhost' information for analysis.

My /etc/pam.d/imap looks like this;

auth     sufficient     pam_listfile.so item=rhost sense=allow file=/var/imap/imaphosts onerr=fail
auth     required       pam_listfile.so item=user sense=allow file=/var/imap/imapusers onerr=fail
auth     required       pam_unix_auth.so
account  required       pam_unix_acct.so
password required       pam_unix_passwd.so
session  required       pam_unix_session.so

So in theory, this should work from what I've read of pam_listfile.
However, it appears that rhost information if it's coming from a local
machine interface is returned as (null), as opposed to localhost or
127.0.0.1.

Putting an entry in imaphosts for (null) does nothing, and I've also tried
implementing this system with pam_if.so but it simply chucks back a rhost
mismatch (null) != (null).

Does anyone know if it's possible to force xinetd/pam to return an rhost
to PAM regardless? Or a better way of doing it?

My xinetd.d/imap2 looks like this;

service imap2
{
        flags       = REUSE NAMEINARGS
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = root
        server      = /usr/sbin/tcpd
        server_args = /usr/sbin/imapd
}

I've tried it with just running the server '/usr/sbin/imapd' but it
returns exactly the same result.


Any thoughts? I may have to turn to hair pulling.. :)


Thanks,
Chris.
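
Added example, not part of the original post: a small Python model (not PAM itself) of how the three auth lines quoted above are evaluated under the sufficient/required control flags, next to a reordering that runs the password module first. The host list, user list and passwords are constructed, and an unset rhost is modelled as never matching, as the post observes.

```python
PAM_SUCCESS, PAM_AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"

# Constructed stand-ins for /var/imap/imaphosts, /var/imap/imapusers and the
# password database consulted by pam_unix_auth.so.
IMAPHOSTS = {"localhost", "127.0.0.1"}
IMAPUSERS = {"alice"}
PASSWORDS = {"alice": "a-pw", "bob": "b-pw"}

def listfile_allow(value, allowed):
    # pam_listfile sense=allow: an unset (NULL) item can never match the file.
    return PAM_SUCCESS if value and value in allowed else PAM_AUTH_ERR

def modules(user, password, rhost):
    # Hypothetical names for the three auth modules in the stack.
    return {
        "rhost_list": lambda: listfile_allow(rhost, IMAPHOSTS),
        "user_list": lambda: listfile_allow(user, IMAPUSERS),
        "unix_auth": lambda: PAM_SUCCESS if PASSWORDS.get(user) == password
                     else PAM_AUTH_ERR,
    }

# Auth lines in the order posted, and a reordering that checks the password first.
POSTED = [("sufficient", "rhost_list"), ("required", "user_list"),
          ("required", "unix_auth")]
PASSWORD_FIRST = [("required", "unix_auth"), ("sufficient", "rhost_list"),
                  ("required", "user_list")]

def run_auth(stack, user, password, rhost):
    """Apply PAM control-flag rules; return (result, names of modules that ran)."""
    mods, failed, ran = modules(user, password, rhost), False, []
    for control, name in stack:
        result = mods[name]()
        ran.append(name)
        if control == "sufficient":
            if result == PAM_SUCCESS and not failed:
                return PAM_SUCCESS, ran  # stack stops here; later lines never run
        elif result != PAM_SUCCESS:
            failed = True                # required: remember failure, keep going
    return (PAM_AUTH_ERR if failed else PAM_SUCCESS), ran

if __name__ == "__main__":
    cases = (("bob", "b-pw", None), ("bob", "wrong", "127.0.0.1"),
             ("bob", "b-pw", "127.0.0.1"), ("alice", "a-pw", None))
    for label, stack in (("posted", POSTED), ("password first", PASSWORD_FIRST)):
        for user, pw, rhost in cases:
            print(label, user, repr(rhost), *run_auth(stack, user, pw, rhost))
```

In the posted order, a matching rhost ends the stack before pam_unix_auth runs, so the password is never checked for listed hosts; the reordered stack keeps the host exception but always verifies the password.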

