map of authentication methods for cyrus
Simon Matter
simon.matter at ch.sauter-bc.com
Thu Nov 6 03:09:13 EST 2003
Hi Craig,
I just wanted to say that such a 'big picture' is VERY useful. One picture
says more than thousand words.
Thanks,
Simon
> I posted a little while ago with a graphical map of the Cyrus
> authentication methods - missing the Mechanism layer completely.
> I think I have a better understanding of that now, and have
> updated the document appropriately. Comments would be appreciated.
>
> I'm about as far from an expert on Cyrus as there is, so apologies if
> I'm dead wrong about something. I do think that a document like this
> will be useful in showing people how things fit together, and the
> various different "paths" through which Cyrus can handle
> authentication/authorization . There are enough of them, after all ;-)
>
> Later I'd like to collect and document some common working
> configurations for the wiki, if folks are OK with that. I suspect that
> the majority of users, at least Linux/BSD users, will probably want to
> either hook Cyrus up to their existing PAM setup or plug it directly
> into an LDAP directory. (If LDAP can be used for authentication against
> MS Active Directory, that's cool ... otherwise NTLM will probably be
> another common config). A few starting-point configs might be very
> useful here, including an end-to-end explanation of how things fit
> together. I plan to write up my config here
> (cyrus->sasl->saslauthd->pam->ldap) as an example to start things off.
> Again, of course, this is only if it's likely to be useful and if people
> think it's a good idea.
>
> Anyway, the updated diagram is at:
>
> http://www.postnewspapers.com.au/~craig/cyrus_authentication_map.pdf
> http://www.postnewspapers.com.au/~craig/cyrus_authentication_map.sxd
>
> It's not an explanation of Cyrus's authentication on it's own, but
> should be informative in combination with the existing docs. As I
> personally found the hardest part about Cyrus to be figuring out how all
> the various bits of the auth scheme fit together, perhaps this can help
> others with that.
>
> Craig Ringer
>
>
More information about the Info-cyrus
mailing list