map of authentication methods for cyrus
craig at postnewspapers.com.au
Wed Nov 5 22:04:53 EST 2003
I posted a little while ago with a graphical map of the Cyrus
authentication methods - missing the Mechanism layer completely.
I think I have a better understanding of that now, and have
updated the document appropriately. Comments would be appreciated.
I'm about as far from an expert on Cyrus as there is, so apologies if
I'm dead wrong about something. I do think that a document like this
will be useful in showing people how things fit together, and the
various different "paths" through which Cyrus can handle
authentication/authorization . There are enough of them, after all ;-)
Later I'd like to collect and document some common working
configurations for the wiki, if folks are OK with that. I suspect that
the majority of users, at least Linux/BSD users, will probably want to
either hook Cyrus up to their existing PAM setup or plug it directly
into an LDAP directory. (If LDAP can be used for authentication against
MS Active Directory, that's cool ... otherwise NTLM will probably be
another common config). A few starting-point configs might be very
useful here, including an end-to-end explanation of how things fit
together. I plan to write up my config here
(cyrus->sasl->saslauthd->pam->ldap) as an example to start things off.
Again, of course, this is only if it's likely to be useful and if people
think it's a good idea.
Anyway, the updated diagram is at:
It's not an explanation of Cyrus's authentication on it's own, but
should be informative in combination with the existing docs. As I
personally found the hardest part about Cyrus to be figuring out how all
the various bits of the auth scheme fit together, perhaps this can help
others with that.
More information about the Info-cyrus