Stefan Radomski wrote:
Hi there,
I have libpam-ldap running with libnss-ldap just fine, now I want to have different user groups for the several services like imap, smtp and others. I have read the description for the libpam-modules, but none seems to solve the problem.
pam_listfile does, just create some acl with one identifier per line, where an identifier can be a groupname, a username or something else as described here:
http://www.linuxdevcenter.com/pub/a/linux/excerpt/lsckbk_chap1/index3.html
[-- snip --]
narf:/# cat /etc/acl/imap #used by /etc/pam.d/imap - a list of groups to be member of to use imap imap
narf:/# cat /etc/pam.d/imap #%PAM-1.0 #auth sufficient /lib/security/pam_ldap.so #auth required /lib/security/pam_unix_auth.so try_first_pass #account sufficient /lib/security/pam_ldap.so #account required /lib/security/pam_unix_acct.so
auth required /lib/security/pam_listfile.so file=/etc/acl/imap item=group sense=allow onerr=fail
@include common-auth @include common-account
[-- snip --]
that will only allow members of the group imap to authenticate via imap.
hth stefan
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
