Definition of the PAM config file used by saslauthd per service

Dan White dwhite at olp.net
Wed Nov 12 12:28:32 EST 2008


Veit Wahlich wrote:
> Hi list,
>
> I authenticate a Cyrus imapd through saslauthd's PAM authmech.
> Now I'd like to define a secondary imap service in cyrus.conf not
> accessing /etc/pam.d/imap but another PAM config file such
> as /etc/pam.d/imap-external.
> The goal is to have two imapds running (bound to different IPs or TCP
> ports) with different PAM auth service configs for internal and external
> access.
>
> Is there a configuration option in imapd.conf or so to control which PAM
> file is being accessed by saslauthd for a service?
>   

Veit,

This was just discussed on the cyrus-imapd list:

http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/msg36412.html

To summarize, you could add a secondary entry in /etc/cyrus.conf, e.g.:

imap2            cmd="imapd -U 30 -D" listen="127.0.0.7:imap"

In /etc/imapd.conf, you could add:

# First imap instance
imap_sasl_pwcheck_method: saslauthd

# Second imap instance
imap2_sasl_pwcheck_method: saslauthd
imap2_sasl_saslauthd_path: /path/to/second/saslauthd/mux

and then run two instances of saslauthd, the second using a separate socket.

I am not positive that 'imap2' would be passed as the service name to
saslauthd however.

- Dan
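
An added example, not part of the original post: a small check that reads a cyrus.conf and imapd.conf pair and reports which saslauthd socket each service resolves to, so an internal and an external imapd cannot silently end up on the same saslauthd instance. The 'imap' service line, the function names, and the lookup order (a service-prefixed option overrides the unprefixed one) are assumptions.

```python
import re

# Constructed sample configs modelled on the fragments in the post above.
CYRUS_CONF = '''SERVICES {
  imap   cmd="imapd" listen="imap"
  imap2  cmd="imapd -U 30 -D" listen="127.0.0.7:imap"
}'''
IMAPD_CONF = '''# First imap instance
imap_sasl_pwcheck_method: saslauthd
# Second imap instance
imap2_sasl_pwcheck_method: saslauthd
imap2_sasl_saslauthd_path: /path/to/second/saslauthd/mux'''

def services(cyrus_conf):
    """Return the service names declared inside the SERVICES { } block."""
    block = re.search(r"SERVICES\s*\{(.*?)\}", cyrus_conf, re.S)
    return re.findall(r"^\s*(\w+)\s+cmd=", block.group(1), re.M) if block else []

def options(imapd_conf):
    """Parse 'key: value' lines, skipping comments and blank lines."""
    opts = {}
    for line in imapd_conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def resolve(service, opts, name):
    """Assumed lookup order: '<service>_<name>' first, then plain '<name>'."""
    return opts.get(f"{service}_{name}", opts.get(name))

def audit(cyrus_conf, imapd_conf):
    """Map each saslauthd-backed service to its socket path (None = default socket)."""
    opts = options(imapd_conf)
    return {svc: resolve(svc, opts, "sasl_saslauthd_path")
            for svc in services(cyrus_conf)
            if resolve(svc, opts, "sasl_pwcheck_method") == "saslauthd"}

def shared_sockets(mapping):
    """Return groups of services that resolve to the same saslauthd socket."""
    groups = {}
    for svc, path in mapping.items():
        groups.setdefault(path, []).append(svc)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    print(audit(CYRUS_CONF, IMAPD_CONF), shared_sockets(audit(CYRUS_CONF, IMAPD_CONF)))
```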

