map of authentication methods for cyrus

Craig Ringer craig at
Wed Nov 5 22:04:53 EST 2003

I posted a little while ago with a graphical map of the Cyrus
authentication methods - missing the Mechanism layer completely.
I think I have a better understanding of that now, and have
updated the document appropriately. Comments would be appreciated.

I'm about as far from an expert on Cyrus as there is, so apologies if
I'm dead wrong about something. I do think that a document like this 
will be useful in showing people how things fit together, and the 
various different "paths" through which Cyrus can handle 
authentication/authorization . There are enough of them, after all ;-)

Later I'd like to collect and document some common working 
configurations for the wiki, if folks are OK with that. I suspect that 
the majority of users, at least Linux/BSD users, will probably want to 
either hook Cyrus up to their existing PAM setup or plug it directly 
into an LDAP directory. (If LDAP can be used for authentication against 
MS Active Directory, that's cool ... otherwise NTLM will probably be 
another common config). A few starting-point configs might be very 
useful here, including an end-to-end explanation of how things fit 
together. I plan to write up my config here 
(cyrus->sasl->saslauthd->pam->ldap) as an example to start things off. 
Again, of course, this is only if it's likely to be useful and if people 
think it's a good idea.

Anyway, the updated diagram is at:

It's not an explanation of Cyrus's authentication on it's own, but 
should be informative in combination with the existing docs. As I 
personally found the hardest part about Cyrus to be figuring out how all 
the various bits of the auth scheme fit together, perhaps this can help 
others with that.

Craig Ringer

More information about the Info-cyrus mailing list