map of authentication methods for cyrus
Ken Murchison
ken at oceana.com
Thu Oct 30 10:21:46 EST 2003
Craig Ringer wrote:
> I'd really appreciate feedback on this - what have I missed, do I have
> anything just plain wrong, etc. I've left out some things - like the
> 'shadow' mechanism of saslauthd - that seem best solved using other
> methods (getpwent in that case). Also left out are the specific-vendor
> mechanisms like saslauthd's dce and sia methods.
Craig, this is a good start, but as Rob said, you've left out the
mechanism layer.
PLAIN, LOGIN and libSASL (for handling plaintext auth commands like IMAP
LOGIN, POP3 USER/PASS) can use both saslauthd and auxprop. EXTERNAL,
KERBEROS_V4 and GSSAPI don't use either, as they have there own
infrastructure. All the other mechs can only use auxprop. NTLM can
also proxy the auth to an actual NT/Win2K/Samba server.
There are currently three auxprop plugins: sasldb, SQL, LDAP
Hope this helps.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list