Ulrich Windl wrote:
Michael Strödermichael@stroeder.com wrote:
Hmm, if you don't want all your PAM system users to be valid e-mail users then simply don't use PAM. Sometimes one should rethink the software stack if requirements get more clear. smtpd sounds like postfix which has very flexible LDAP support.
Depending on the PAM/NSS system you're using there could be group authz mechs there too. But you did not provide enough information to really think about this. Personally I prefer to directly use the LDAP features of the software used.
The advantage of the PAM configuration seems to be that you only have to describe your LDAP structure once, and not for every application.
But if requirements (e.g. set of user accounts) differ you have to define different LDAP client or other configuration anyway. There is no issue if they are the same.
I thought there might by a method to restict the accepted users from the sasl configuration file, but it seems there is none.
Which would somewhat contradict your wish to use the very same configuration anyway.
Ciao, Michael.