Authenticate Cyrus off active directory
Etienne Goyer
etienne.goyer at linuxquebec.com
Wed Dec 3 10:35:55 EST 2003
Hi,
We are doing it using Kerberos. It's (relatively speaking) easy.
First, read and follow the step described in
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
to make your Linux server interoperate with the AD KDC. Then set
saslauthd to use Kerberos instead of PAM :
saslauthd -n0 -a kerberos5
The -n0 is required as saslauthd with the kerberos5 plugin seriously
leak memory on RedHat 7.3.
That's about it ... if you have questions, feel free to ask !
On Wed, Dec 03, 2003 at 02:36:51PM +0000, Alain Williams wrote:
> Hi,
>
> I am seeking advice on how to authenticate Cyrus off a Microsoft Active directory server.
> The users will not have Linux accounts, I don't want to modify AD at all - the only Linux
> is the web mail, so I don't want to insert the extra (unix) fields into the database.
>
> I have saslauthd currently working off pam.
> I don't mind if I authenticate using kerberos or ldap - whatever works.
>
> I am running Cyrus and Sasl 2.1.15 on top of SuSE Linux (enterprise server 8).
> Uses will (mainly) access cyrus via horde/imp webmail.
>
> Can anyone give a simple HOWTO for this ?
>
> Many thanks.
>
> --
> Alain Williams
>
> #include <std_disclaimer.h>
>
> FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the
> best interests of our children. See http://www.fathers-4-justice.org
--
Etienne Goyer Linux Québec Technologies Inc.
http://www.LinuxQuebec.com etienne.goyer at linuxquebec.com
More information about the Info-cyrus
mailing list