dboettger's Blog

Restrict authentication to specific groups only

Posted on: June 23, 2010

Today I had some trouble with SMTP authentication and Postfix.
I just wanted only one group to be able to authenticate against my Postfix.
After reading the PAM documentation for a while, I found the very nice solution of creating a text file with all allowed users.

I am using Postfix SASL with PAM authentication.
My /etc/pam.d/smtp now looks like this:

auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/smtp.group.allow
auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_unix_passwd.so
session required /lib/security/pam_unix_session.so

Then I created the file /etc/smtp.group.allow.
This file looks like this:


# Add all the groups which are allowed
# to authenticate against postfix sasl
smtpusers

After changing these lines, only users in the group smtpusers are allowed to authenticate.
Of course, this can also be used for any other service that uses PAM authentication. Just add the line
auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/
as the first line in the pam.d/SERVICE file.
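
To review who such a rule actually lets through, the following added example (not part of the original post) resolves the groups in an allow-file to account names, counting both listed group members and users whose primary group is allowed. The function name and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list the accounts that a
# "pam_listfile.so item=group sense=allow file=ALLOW_FILE" rule lets through.
# Usage: listfile_allowed_users ALLOW_FILE [GROUP_FILE] [PASSWD_FILE]
listfile_allowed_users() {
    allow=$1; group=${2:-/etc/group}; passwd=${3:-/etc/passwd}
    # pam_listfile rejects a list that is not a regular file or is
    # world-writable, so report that instead of a misleading user list.
    if [ ! -f "$allow" ] || [ -n "$(find "$allow" -prune -perm -0002)" ]; then
        echo "unsafe or missing allow-file: $allow" >&2
        return 2
    fi
    awk -F: '
        # Allow-file: one group name per line; comment lines match no group.
        FILENAME == ARGV[1] { if ($0 != "") allowed[$0] = 1; next }
        # Group database: remember GIDs and listed members of allowed groups.
        FILENAME == ARGV[2] {
            if ($1 in allowed) {
                gid_ok[$3] = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member_ok[m[i]] = 1
            }
            next
        }
        # Passwd database: a user passes via primary GID or listed membership.
        ($4 in gid_ok) || ($1 in member_ok) { print $1 }
    ' "$allow" "$group" "$passwd" | sort
}

# Constructed sample data (not real accounts): dave is not listed as a member
# of smtpusers, but it is his primary group (GID 2000), so he passes too.
demo=$(mktemp -d)
printf '%s\n' '# groups allowed to use SMTP AUTH' 'smtpusers' > "$demo/allow"
chmod 644 "$demo/allow"
printf '%s\n' 'smtpusers:x:2000:alice,bob' 'staff:x:50:carol' > "$demo/group"
printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/sh' \
    'bob:x:1002:1002::/home/bob:/bin/sh' \
    'carol:x:1003:50::/home/carol:/bin/sh' \
    'dave:x:1004:2000::/home/dave:/bin/sh' > "$demo/passwd"
listfile_allowed_users "$demo/allow" "$demo/group" "$demo/passwd"
rm -rf "$demo"
```

With only the allow-file given, the function reads /etc/group and /etc/passwd. On hosts that resolve accounts through NSS (LDAP, SSSD), pass files produced with `getent group` and `getent passwd` instead.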
