map of authentication methods for cyrus
Rob Siemborski
rjs3 at andrew.cmu.edu
Fri Nov 7 09:37:24 EST 2003
On Fri, 7 Nov 2003, Craig Ringer wrote:
> > GSSAPI/KERBEROS_V4 rely on the Kerberos Domain Controllers (KDC).
>
> Yeah. I left that off because it seemed pretty obvious, but p'haps it's
> best included.
It struck me as the same as a "Windows NT" authentication source.
> I personally like using PAM because it lets me centralise my
> authentication setup to one place, yet it's flexible enough to handle
> different needs for different apps. I like being able to use multiple
> sources of user information (it's handy when transitioning things). As
> it happens, I don't currently use anything but LDAP, but the flexibility
> is nice. As my Cyrus host doesn't have a high mail load, and has a lot
> of other roles as well, it's been useful to be able to just link Cyrus
> into the main LDAP config.
We've gotten a *lot* of complaints about using PAM with saslauthd (memory
leaks, instability, etc). In every case this has been tracked to problems
that originate from the PAM module, not saslauthd. This makes me very
leery of using PAM for anything that saslauthd offers a legitimate
alternative to.
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
More information about the Info-cyrus
mailing list