[reposting to list, too]
On Thu, Nov 30, 2006 at 11:11:11AM +0000, Ben Wheare wrote:
> > Given that you probably want to also enable access to that mailbox for
> > Joe Bloggs :) you might wish to extend your thinking to using something like
> > pam_ldap for authentication and authorization on the mail server, so that
> > you could simply get the users and their home directories via PAM
>
> Thanks for the thought, but its solely for virtual users. What we're
> trying to build is a Samba PDC and mail server, all for virtual users,
> that will only have access to that.
> Only 2/3 people will have access to the server itself, and that'll be
> via standard /etc/passwd, adduser etc. Yeah, I'm sure we could do it all
> via LDAP, but we are all learning it as we go along, so trying to keep
> it simple at first :)
You could still implement them as "real" users, and have their shell set to
/bin/false so that they can never log in, and only use the services you let
them use.
Let me rephrase the idea a bit better: if you were using some sort of a
custom webmail and custom file server, where you'd have to write PAM support
or write LDAP support, then doing the latter would be okay, because it's
equally easy/hard to code either of the two. However, if you're already
using all these standard tools, all of which have PAM support already,
adding authorization via PAM in one fell swoop sounds like the way to go.
--
2. That which causes joy or happiness.
