From owner-freebsd-stable@FreeBSD.ORG Thu Mar 29 21:14:47 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CB80916A400 for ; Thu, 29 Mar 2007 21:14:47 +0000 (UTC) (envelope-from taras@elantech.ru) Received: from mail2.elantech.ru (mail2.elantech.ru [87.245.154.206]) by mx1.freebsd.org (Postfix) with ESMTP id 8A2C713C4C1 for ; Thu, 29 Mar 2007 21:14:47 +0000 (UTC) (envelope-from taras@elantech.ru) Received: from [10.10.10.13] (unknown [88.84.198.2]) by mail2.elantech.ru (Postfix) with ESMTP id E96D533FA7 for ; Fri, 30 Mar 2007 01:14:40 +0400 (MSD) Message-ID: <460C2C9D.5050508@elantech.ru> Date: Fri, 30 Mar 2007 01:16:13 +0400 From: Taras Savchuk Organization: Elantech Ltd. (http://www.elantech.ru) User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: freebsd-stable@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 8bit Subject: pam_group question/proposal X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: taras@elantech.ru List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2007 21:14:47 -0000 I tried to use pam_group to allow accessing imap(dovecot) only for users in certain group (users/groups stored in AD and checked out via LDAP/Kerberos), but pam_group is checking applicant's group membership. I'm sure, that in many cases is more useful to check group membership of target (authenticating) user, but not applicant. May be it's a good to add such functionality to pam_group (i.e. ability to chose target/applicat membership check) or create separate module? -- С уважением, Савчук Тарас ООО "Элантек" : Аутсорсинг ИТ, WEB-разработка http://www.elantech.ru +7 (495) 589 68 81 +7 (926) 779 07 05