5 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Account Disabled ...| From | Sent On | Attachments |
|---|---|---|
| Charlie Davis | Aug 19, 2003 5:52 pm | |
| Mitch (WebCob) | Aug 19, 2003 9:39 pm | |
| Tim Hunter | Aug 19, 2003 9:45 pm | |
| James A Baker | Aug 20, 2003 12:20 am | |
| Charlie Davis | Aug 20, 2003 11:31 am |
| Subject: | Re: [courier-users] Account Disabled with MySQL? | |
|---|---|---|
| From: | James A Baker (blam...@bellsouth.net) | |
| Date: | Aug 20, 2003 12:20:53 am | |
| List: | net.sourceforge.lists.courier-users | |
On Tuesday, Aug 19, 2003, at 17:48 US/Central, Charlie Davis wrote:
Does courier have any ability to deny login to accounts that are still in the database? I'd like to have it so if an account gets disabled, courier rejects the login to it. Is this possible?
-Charlie Davis
Sure.
Solution A, aka "messy" or "sloppy" method: Reset the password of any disabled account to something that would never be valid, such as a normal string in a cryptpw field (and to a blank clearpw field if it's not already) -- like "-DISABLED-".
Solution B, aka "lame": Change the user id in such a way that it will no longer validate. (i.e. convert the first character -- or 5 -- to HTML escape sequences; or rot13 the whole id string; or ... well, you get the idea.)
Solution C, aka "better": Use another field in the database record that marks an account as active or inactive and use the MYSQL_WHERE_CLAUSE to check its value during authentication. (e.g. I could use 'PGSQL_WHERE_CLAUSE active=1' in my authpgsqlrc file, seeing as I use PostgreSQL instead of MySQL over here)
Solution C.2, aka "better: the alternate version": Use another field as in C, but create your own entire select statement with the MYSQL_SELECT_CLAUSE option... if that's more appropriate to your situation.
Solution D, aka "the stuff I didn't think of".....
-jab