Jim Flanagan wrote:
Yes, that's the easiest way. Actually, I do use yast to set up users, though I don't use yast to configure the services. OK, regarding users, I did set up two new users in yast, but when I click the disable login box, those users cannot access the mailbox in cyrus. If I un-check that box to allow them to log in, they can access their mailbox. So this is not yet what I want. I need to somehow limit their access to only email services, still unclear on how to do that. I have not edited the main.cf yet, more on that further down.
Set login shell to /bin/false, so they don't have a login shell, that's all.
As to number of domains I'm only serving one at present. I guess its conceivable that I could add a few more, say 1 to 4 more? Possibly. As
The real question here is if these domains will have independent mailboxes or if all domains point to the same user in the end:
Postfix domain classes:
mydestination: user1@example.com = user1@example.net loginname: user1
virtual_mailbox_domain: user1@example.com != user1@example.net loginname: user1@example.com user1@example.net
So the question should be considered now, bevor you have to migrate your setup to virtual_mailbox_domains if you need to have independent addresses in your domains.
Are you saying here that using the first method, mydestination, user1 will have access to both example.com AND example.net? So in this case I couldn't have a different individual, both with the same name of say user1, one at example.com and the other at example.net. I've never considered these two different setups you are describing, but understand this needs to be decided first.
Exactly. If you only have one main domain and several alias domains, then you can also set these additional domains as virtual_alias_domains, but the real question is if you have independent domains or not. If you do have independent domains or you think it is possible that some day you might need them, then you should probably set up your domain as virtual_mailbox_domain. [sasl/pam setup]
All the above is set up the same on my machine, just like you layed it out.
Then you should be able to use testsaslauthd to check if a user is able to authenticate: testsaslauthd -u user -p password -s service examples: testsaslauthd -u jim -p password -s smtp testsaslauthd -u jim -p password -s imap If that works you can implement the sasl authentication in your services.
Postfix might need manual work:
Postfix: /etc/sasl2/smtpd.conf: pwcheck_method: saslauthd mech_list: plain login
The above here is also set up the same.
Okay.
I have not edited the below to make these changes. I'll try adding permit_sasl_authenticated, as this looks like it may solve my user login issue. Will try that and revert.
/etc/postfix/main.cf: # auth smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous
Then you should be able to use authentication with Postfix: telnet postfix-server 25 ehlo clientname you should get something like this: 250-japantest.homelinux.com 250-PIPELINING 250-SIZE 100000000 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Important is the "250-AUTH LOGIN PLAIN" line of the capabilities.
A bit of advice: don't implement everything at once. Do it in small steps, so you can understand the changes and retrace if necessary.
As you can tell, I am taking this slowly, and one step at a time. I cna't work on this every day, but will do more this weekend.
Very good. Do yourself another favor and make backups bevore you change the config files. (^-^) If you break something a simple diff will tell you what you changed. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org