Authenticate Cyrus off active directory

Etienne Goyer etienne.goyer at
Wed Dec 3 10:35:55 EST 2003


We are doing it using Kerberos.  It's (relatively speaking) easy.

First, read and follow the step described in
to make your Linux server interoperate with the AD KDC.  Then set
saslauthd to use Kerberos instead of PAM :

saslauthd -n0 -a kerberos5

The -n0 is required as saslauthd with the kerberos5 plugin seriously
leak memory on RedHat 7.3.

That's about it ... if you have questions, feel free to ask !

On Wed, Dec 03, 2003 at 02:36:51PM +0000, Alain Williams wrote:
> Hi,
> I am seeking advice on how to authenticate Cyrus off a Microsoft Active directory server.
> The users will not have Linux accounts, I don't want to modify AD at all - the only Linux
> is the web mail, so I don't want to insert the extra (unix) fields into the database.
> I have saslauthd currently working off pam.
> I don't mind if I authenticate using kerberos or ldap - whatever works.
> I am running Cyrus and Sasl 2.1.15 on top of SuSE Linux (enterprise server 8).
> Uses will (mainly) access cyrus via horde/imp webmail.
> Can anyone give a simple HOWTO for this ?
> Many thanks.
> -- 
> Alain Williams
> #include <std_disclaimer.h>
> FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the
> best interests of our children. See

Etienne Goyer                    Linux Québec Technologies Inc.       etienne.goyer at

More information about the Info-cyrus mailing list