Control of expired passwords with SASL + LDAP
sandro at linux2business.com.br
Fri Oct 23 10:20:44 EDT 2009
I'm using LDAP to authenticate users on the Cyrus Imap Server, with
Thunderbird and eGroupware, and also in the workstations.
On the E-mail server, I'm using saslauthd with LDAP and when password
expires, you can still access the mailbox through Thunderbird.
My goal is just to solve this problem, because both eGroupware and PAM
already do this for me.
Do you have any idea?
Dan White escreveu:
> ppolicy is documented in the slapo-ppolicy man page (from OpenLDAP).
> It may
> not be a good fit if you're trying to enforce a password policy onto a
> cyrus imap server.
> You could use saslauthd with its PAM backend to enforce your password
> policy, assuming you're only using PLAIN/LOGIN mechanisms.
> How does LDAP fit into your overall picture?
> On 23/10/09 11:10 -0200, Sandro Venezuela wrote:
>> Thanks Dan for your reply.
>> Today, expired passwords are controlled by PAM on the workstations
>> and how
>> do I use openSUSE Linux that is easy to implement.
>> But the server I'm using only SASL+LDAP and wanted something similar
>> to PAM, but I'll be searching ont the Internet the use of ppolicy to
>> solve my problem.
>> Do you have any documentation to show about ppolicy?
>> Dan White escreveu:
>>> On 22/10/09 21:36 -0200, Sandro Venezuela wrote:
>>>> I have a e-mail server with Cyrus + SASL + LDAP and would like to
>>>> prohibit access to mailbox of the User when it is with the expired
>>>> password. How can I do that?
>>> Cyrus SASL doesn't have a concept of password expiry. What mechanism is
>>> controlling when your passwords expire? OpenLDAP ppolicy? or system
>>> expiration (PAM)?
Linux2Business - Soluções em Linux
Rua Aracati, 488 - Santo André - SP
Fone: (11) 4472-4418 - (11) 8485-1049
More information about the Cyrus-sasl