> we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP
> users.
> We also use this for Postfix authentication. Nothing special.
>
> But, we need to exclude some of the users from IMAP login.
> How could this be done?
There's a facility to add arbitrary code to the imap login process,
e.g., in "10-master.conf":
service imap-postlogin {
executable = script-login /local/bin/imap-wrapper
user = $default_internal_user
unix_listener imap-postlogin {
}
}
In our case, "/local/bin/imap-wrapper" is a Perl script that
checks the user's login shell, and if it is one of our "blocked"
shells, returns:
print "* NO [ALERT] Your account has expired, and access to it has been
suspended. ".$msg_helpdesk_refer;
exit 1;
otherwise it execs the command given in its arguments.
More info is at:
https://doc.dovecot.org/admin_manual/post_login_scripting/
Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
[email protected] +1 514 848-2424 x2285
