saslauthd and ldap and ??? pam

Andrew J Caird andrew.caird at fccc.edu
Wed Feb 11 11:40:52 EST 2004


On Wed, 11 Feb 2004, Igor Brezac wrote:
>
> On Wed, 11 Feb 2004, Shelley Waltz wrote:
>
> > I am interested in knowing the difference and/or advantages
> > of the ways one can use ldap authentication with sasl.
> >
> > One way is to use saslauthd -a ldap, which uses the auth_ldap
> > module for saslauthd.
> >
> > Another way is to use saslauthd -a pam and then specify ldap
> > as the auth mechanism in the various pam.d services such as
> > smtp or imap.
> >
>
> saslauthd/ldap combination will give you better performance and in general
> it is more stable.  Some pam implementations/modules leak memory.

  And without PAM it's one less layer to debug.  And you will be
debugging.  Cyrus IMAP and SASL are great, but they are not simple.
As always, Occam's Razor is a handy tool.  If you don't have a clear need
for PAM integration with SASL, eliminate it.

  Good luck.
--
Andrew
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list