SASL Multiple Pwcheck methods

Craig Ringer craig at
Tue Aug 10 14:28:04 EDT 2004

On Wed, 2004-08-11 at 01:34, Andrew Morgan wrote:

> Sure, just run 'saslauthd -a pam' to use pam authentication, then include
> pam_ldap in your pam config.  We do this here to authenticate against the
> /etc/shadow file for the cyrus admin user, and ldap for all the regular
> cyrus users.

Just be careful of leaky PAM modules, and consider the option of running
saslauthd with '-n 1' if leaks become an issue. I also use it with
libpam_ldap and libpam_unix without problems, but if you're using some
other methods things may not go as smoothly. IIRC pam_mysql is a
particularly bad offender.

Craig Ringer

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list