RFC: runtime-selectable auth modules for Cyrus

Voutsinas Nikos nvoutsin at noc.uoa.gr
Fri Dec 20 12:56:56 EST 2002


> Dragging up an old thread.
> 
> On Sun, 18 Aug 2002, Henrique de Moraes Holschuh wrote:
> 
> 
>>Well, I have been looking at lib/auth*, and at the auth_ldap patch.  I want
>>to be able to somehow switch the auth backend Cyrus uses at runtime  --  the
>>idea of compiling Cyrus twice to have different auth backends _really_
>>doesn't sit well with me.

auth_ldap patch? Is it available?
>>
>>Either linking them all and selecting the backend using a config option, or
>>using dlopen modules (if I go that way, I will be using the postfix code for
>>dynamic dictionaries as a template) would fix the issue.
>>
>>I prefer the config option and compile-time linkage, since it is simpler,
>>far less error prone, much more portable, and easier to code.
> 
> 
> Have you taken a look at auth_pts in 2.2?  It basically outsources both
> canonicalization and group lookups to an external process, which is
> perhaps the overall easiest way of doing this (though I do see future
> versions of Cyrus/SASL making better use of canon_user SASL plugins and
> auxprop plugins).

Can you provide me with some details on the design of this external 
process?

Let me notice the performance drawbacks that may arise with bind/unbind 
operations when ldap is involved.





More information about the Info-cyrus mailing list