RFC: runtime-selectable auth modules for Cyrus

Rob Siemborski rjs3 at andrew.cmu.edu
Thu Dec 19 16:11:55 EST 2002

Dragging up an old thread.

On Sun, 18 Aug 2002, Henrique de Moraes Holschuh wrote:

> Well, I have been looking at lib/auth*, and at the auth_ldap patch.  I want
> to be able to somehow switch the auth backend Cyrus uses at runtime  --  the
> idea of compiling Cyrus twice to have different auth backends _really_
> doesn't sit well with me.
> Either linking them all and selecting the backend using a config option, or
> using dlopen modules (if I go that way, I will be using the postfix code for
> dynamic dictionaries as a template) would fix the issue.
> I prefer the config option and compile-time linkage, since it is simpler,
> far less error prone, much more portable, and easier to code.

Have you taken a look at auth_pts in 2.2?  It basically outsources both
canonicalization and group lookups to an external process, which is
perhaps the overall easiest way of doing this (though I do see future
versions of Cyrus/SASL making better use of canon_user SASL plugins and
auxprop plugins).

Currently ptloader doesn't have dynamically selectable modules, but I
think thats a fairly simple matter to resolve.

I also have an LDAP module working for this system, but not configurable
yet (so if anyone wants to authorize using the CMU LDAP server, it'll work
for them ;)

I may get this done over vacation, most likely it will be early January.


Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

More information about the Info-cyrus mailing list