Definition of the PAM config file used by saslauthd per service

Dan White dwhite at olp.net
Thu Nov 13 15:21:56 EST 2008


Andreas Winkelmann wrote:
> On Wednesday 12 November 2008 18:28:32, Dan White wrote:
>   
>> Veit Wahlich wrote:
>>     
>>> I authenticate a Cyrus imapd through saslauthd's PAM authmech.
>>> Now I'd like to define a secondary imap service in cyrus.conf not
>>> accessing /etc/pam.d/imap but another PAM config file such
>>> as /etc/pam.d/imap-external.
>>> The goal is to have two imapds running (bound to different IPs or TCP
>>> ports) with different PAM auth service configs for internal and external
>>> access.
>>>
>>> Is there a configuration option in imapd.conf or so to control which PAM
>>> file is being accessed by saslauthd for a service?
>>>       
>> Veit,
>>
>> This was just discussed on the cyrus-imapd list:
>>
>> http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/msg36412.html
>>     
> Unfortunately this will not help the OP. Yes, this would use separate 
> saslauthd-Services for the two imap-Daemons, but unfortunately the Servicename 
> which is used to connect to saslauthd is hardcoded in each Daemon. For imapd 
> this is "imap". And this Servicename is interesting for the pam.d/file.
>   

Thanks for the correction. I suppose a workaround might be to run one of
the saslauthd's in a chrooted environment, with a separate set of pam
libraries and configs.

- Dan

