>>> Michael Ströder<[email protected]> schrieb am 14.04.2015 um 09:42 in Nachricht <[email protected]>: > Ulrich Windl wrote: >> I mean: You create a file like /etc/sasl2/smtpd.conf that contains: >> # cat smtpd.conf >> pwcheck_method: saslauthd >> mech_list: plain login >> -- >> If saslauthd is configured to use PAM (-a pam), all users that the PAM > module >> finds are valid users for smptd. My question was whether (and how) one can >> restrict the possible users from the saslauthd configuration file (like >> smtpd.conf). > > Hmm, if you don't want all your PAM system users to be valid e-mail users > then > simply don't use PAM. Sometimes one should rethink the software stack if > requirements get more clear. smtpd sounds like postfix which has very > flexible > LDAP support. > > Depending on the PAM/NSS system you're using there could be group authz > mechs > there too. But you did not provide enough information to really think about
> this. Personally I prefer to directly use the LDAP features of the software > used. Hi! The advantage of the PAM configuration seems to be that you only have to describe your LDAP structure once, and not for every application. I thought there might by a method to restict the accepted users from the sasl configuration file, but it seems there is none. Thanks! Ulrich
