*BSD News Article 88207



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!news.kei.com!news.mathworks.com!news-peer.gsl.net!news.gsl.net!news-dc.gsl.net!news.gsl.net!news
From: John Lucas <jlucas@jnet.vi>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: [Q] POP: virtual clients?
Date: Mon, 03 Feb 1997 12:17:36 -0400
Organization: University of the Virgin Islands
Lines: 37
Message-ID: <32F60FA0.41C67EA6@jnet.vi>
References: <23e8bf14.u8t20e.452cd@slip106.termserv.siu.edu>
NNTP-Posting-Host: backen.uvi.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.01 (X11; I; FreeBSD 2.1.0-RELEASE i386)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:34991

Jim Dutton wrote:
> 
> Hi Jesse, on Feb 1 you wrote:
> 
> > : Jesse Monroy (jmonroy@wco.com) wrote:
> > : : I'm checking to see if any of the packages for FreeBSD can have
> > : : virtual clients. By this I mean, NOT virtual email domains, but
> > : : users that can collect their email (with a pop3 client) and not
> > : : have a login account on the machine.
> > : :
> > mcurry@fred.net wrote:
> > : Why don't you make the login accounts, but disallow shell access?
> > :
> >       This has already been suggested and it is not
> >       an acceptable solution.
> 
> SOMEwhere along the line, there has to be some kind of userid/password
> authentication done. By default, the /etc/passwd database is used. One
> alternative would be to implement Kerberos and a "Kerberized" POP3 daemon
> AND "Kerberized" Sendmail. A properly installed setup could then allow for
> user usage of a host running a POP3 server without them necessarily having
> an entry in /etc/passwd.
>

Why *not* use the /etc/passwd (really /etc/master.passwd)? Create entries in the password
file (vipw or some other process) with the user's shell as "/usr/bin/passwd" and a dummy home
directory entry. No home directory is needed, and the user can only change their password if
a login is attempted. Their incoming mailbox will still be in /var/mail (no need to change
sendmail) and that is where POP servers will retrieve it from. Since /usr/bin/passwd is not
in /etc/shells, this prevents ftp access as well. Create a special group ("popusers"?) that
has no rights anywhere and you should have a "POP mailbox" server. 
 
-- 
| John Lucas                          jlucas@jnet.vi                 |
| Information Technology              NIC Handle: JL423              |
| University of the Virgin Islands    (809) 693-1216                 |
| St. Thomas, VI 00802                http://www.jnet.vi/jlucas.html |
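
An audit of the setup described in the post above, as an added example that is not part of the original post: it lists accounts in the POP-only group whose shell appears in the shells file (which would allow ftp access) or differs from /usr/bin/passwd. The function names, the gid 1500 standing in for "popusers", and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit POP-only accounts. Names and gid are assumptions.

# audit_pop_accounts PASSWD_FILE SHELLS_FILE POP_GID
# Prints one "user: problem" line for each account in POP_GID that does
# not match the setup from the post. Works for passwd (7 fields) and
# master.passwd (10 fields): gid is field 4, shell is the last field.
audit_pop_accounts() {
    awk -F: -v gid="$3" '
        # First file: remember every shell listed as valid.
        FILENAME == ARGV[1] { if ($0 ~ /^\//) valid[$0] = 1; next }
        # Second file: skip comments and accounts outside the POP group.
        /^#/ || $4 != gid { next }
        {
            shell = $NF
            if (shell in valid)
                print $1 ": shell " shell " is listed in shells file"
            else if (shell != "/usr/bin/passwd")
                print $1 ": unexpected shell " shell
        }
    ' "$2" "$1"
}

# Constructed sample data in master.passwd layout, written to directory $1.
make_sample() {
    cat > "$1/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:2001:1500::0:0:POP only:/nonexistent:/usr/bin/passwd
bob:*:2002:1500::0:0:POP only:/nonexistent:/bin/sh
carol:*:2003:1500::0:0:POP only:/nonexistent:/sbin/nologin
EOF
    printf '%s\n' '# constructed shells file' /bin/sh /bin/csh > "$1/shells"
}

# Demo on the constructed files; on a real host pass /etc/master.passwd,
# /etc/shells and the numeric gid of the POP-only group instead.
tmp=$(mktemp -d)
make_sample "$tmp"
audit_pop_accounts "$tmp/master.passwd" "$tmp/shells" 1500
rm -rf "$tmp"
```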