Definition of the PAM config file used by saslauthd per service
Dan White
dwhite at olp.net
Thu Nov 13 15:21:56 EST 2008
Andreas Winkelmann wrote:
> Am Mittwoch 12 November 2008 18:28:32 schrieb Dan White:
>
>> Veit Wahlich wrote:
>>
>>> I authenticate a Cyrus imapd through saslauthd's PAM authmech.
>>> Now I'd like to define a secondary imap service in cyrus.conf not
>>> accessing /etc/pam.d/imap but another PAM config file such
>>> as /etc/pam.d/imap-external.
>>> The goal is to have two imapds running (bound to different IPs or TCP
>>> ports) with different PAM auth service configs for internal and external
>>> access.
>>>
>>> Is there a configuration option in imapd.conf or so to control which PAM
>>> file is being accessed by saslauthd for a service?
>>>
>> Veit,
>>
>> This was just discussed on the cyrus-imapd list:
>>
>> http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/msg36412.html
>>
> Unfortunately this will not help the OP. Yes, this would use separate
> saslauthd-Services for the two imap-Daemons, but unfortunately the Servicename
> which is used to connect to saslauthd is hardcoded in each Daemon. For imapd
> this is "imap". And this Servicename is interesting for the pam.d/file.
>
Thank for the correction. I suppose a work around might be to run one of
the saslauthd's in a chrooted environment, with a separate set of pam
libraries and configs.
- Dan
More information about the Cyrus-sasl
mailing list