RFC: runtime-selectable auth modules for Cyrus

Rob Siemborski rjs3 at andrew.cmu.edu
Thu Dec 19 16:11:55 EST 2002


Dragging up an old thread.

On Sun, 18 Aug 2002, Henrique de Moraes Holschuh wrote:

> Well, I have been looking at lib/auth*, and at the auth_ldap patch.  I want
> to be able to somehow switch the auth backend Cyrus uses at runtime  --  the
> idea of compiling Cyrus twice to have different auth backends _really_
> doesn't sit well with me.
>
> Either linking them all and selecting the backend using a config option, or
> using dlopen modules (if I go that way, I will be using the postfix code for
> dynamic dictionaries as a template) would fix the issue.
>
> I prefer the config option and compile-time linkage, since it is simpler,
> far less error prone, much more portable, and easier to code.

Have you taken a look at auth_pts in 2.2?  It basically outsources both
canonicalization and group lookups to an external process, which is
perhaps the overall easiest way of doing this (though I do see future
versions of Cyrus/SASL making better use of canon_user SASL plugins and
auxprop plugins).

Currently ptloader doesn't have dynamically selectable modules, but I
think that's a fairly simple matter to resolve.

I also have an LDAP module working for this system, but not configurable
yet (so if anyone wants to authorize using the CMU LDAP server, it'll work
for them ;)

I may get this done over vacation, most likely it will be early January.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
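
The compile-time-linked, config-selected design described in the quoted text, as an added sketch that is not Cyrus code and not from either poster: the struct, the backend names (`unix`, `krb`), the realm and the sample user are all constructed for illustration. An unknown backend name returns NULL so the caller can refuse to start instead of silently falling back to a default.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical backend interface; names are illustrative, not Cyrus's own. */
struct auth_backend {
    const char *name;
    int (*canonify)(const char *user, char *out, size_t outlen); /* 0 ok, -1 reject */
    int (*memberof)(const char *user, const char *group);        /* 1 yes, 0 no */
};

static int unix_canonify(const char *user, char *out, size_t outlen) {
    size_t n = strlen(user);
    if (n == 0 || n >= outlen) return -1;   /* empty or would overflow: reject */
    memcpy(out, user, n + 1);
    return 0;
}
static int unix_memberof(const char *user, const char *group) {
    /* constructed sample data standing in for a group database lookup */
    return strcmp(user, "alice") == 0 && strcmp(group, "staff") == 0;
}
static int krb_canonify(const char *user, char *out, size_t outlen) {
    const char *at = strchr(user, '@');
    size_t n = at ? (size_t)(at - user) : strlen(user);
    if (at && strcmp(at + 1, "EXAMPLE.ORG") != 0) return -1; /* foreign realm */
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, user, n);
    out[n] = '\0';
    return 0;
}
static int krb_memberof(const char *user, const char *group) {
    (void)user; (void)group;
    return 0;                               /* this toy backend has no groups */
}

/* Every backend is linked into the binary; no code is loaded from a path. */
static const struct auth_backend backends[] = {
    { "unix", unix_canonify, unix_memberof },
    { "krb",  krb_canonify,  krb_memberof  },
};

/* Map the configured name to a backend; NULL means "refuse to start". */
const struct auth_backend *auth_select(const char *configured) {
    size_t i;
    if (configured == NULL) return NULL;
    for (i = 0; i < sizeof backends / sizeof backends[0]; i++)
        if (strcmp(backends[i].name, configured) == 0) return &backends[i];
    return NULL;
}

int main(void) {
    char buf[64];
    const struct auth_backend *b = auth_select("krb"); /* name as read from config */
    if (b == NULL || b->canonify("alice@EXAMPLE.ORG", buf, sizeof buf) != 0) return 1;
    printf("%s backend: %s\n", b->name, buf);
    return 0;
}
```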





More information about the Info-cyrus mailing list