From owner-freebsd-security Sun Jun 17 7:23: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146]) by hub.freebsd.org (Postfix) with ESMTP id 42A0637B405 for ; Sun, 17 Jun 2001 07:22:56 -0700 (PDT) (envelope-from dmp@pantherdragon.org) Received: from pantherdragon.org (rook.pantherdragon.org [206.29.168.147]) by spork.pantherdragon.org (Postfix) with ESMTP id 7EB08471C5; Sun, 17 Jun 2001 07:22:55 -0700 (PDT) Message-ID: <3B2CBD3C.7599AB7D@pantherdragon.org> Date: Sun, 17 Jun 2001 07:22:52 -0700 From: dmp X-Mailer: Mozilla 4.51 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Sheldon Hearn Cc: George.Giles@mcmail.vanderbilt.edu, freebsd-security@freebsd.org Subject: Re: Controlling imap access References: <15483.992767509@axl.seasidesoftware.co.za> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sheldon Hearn wrote: > On Fri, 15 Jun 2001 13:54:32 EST, George.Giles@mcmail.vanderbilt.edu wrote: > > > Is there ia way using pam to have user authenticate for imap access, but be > > unable to login ? > > You don't need PAM for this. Set the user's shell to /sbin/nologin. It depends on the IMAP daemon. Some will disallow the user if their shell is /sbin/nologin. Better to use /nonexistent. You can or add something like /usr/bin/true to /etc/shells and use that, if the daemon is picky about the user having a valid shell. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message