SASL/LDAP re-entrancy problem(?) on Debian 3.0

Rob Siemborski rjs3 at andrew.cmu.edu
Fri Aug 30 10:10:38 EDT 2002


On Fri, 30 Aug 2002, Mika Iisakkila wrote:

> I had forgotten all about the IMAP group concept, and assumed
> SASLDB to be completely self-contained for authentication, like

SASLDB is entirely self-contained for authentication.  Authorization is a
different story, however, and can only be accomplished at the application
level.

> it is for the users and their passwords. Are there any plans to
> separate the IMAP group lookups from the Unix groups, too?
> Or maybe the group lookups could be a configurable option,
> since I assume many sites don't use them at all?

UNIX group lookups are (will be) a configurable option in Cyrus 2.2, the
libcyrus API in 2.1 just doesn't allow it.

As it is, IMAP group lookups aren't bound to unix groups; you just have to
use one of the other auth_* modules.  At this time, though, outside of an
AFS environment (via PTS groups), you're basically limited to UNIX groups.

We have considered writing an LDAP group plugin, but that probably won't
be done until we actually have a use for it locally.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper






More information about the Info-cyrus mailing list