saslauthd+pam+pam_ldap VS saslauthd+ldap

Simon Matter simon.matter at
Fri Jun 4 01:30:37 EDT 2004

> Hi,
> I have been working on a Mail System for several days.
> I used Postfix + Cyrus-IMAPd + Cyrus-SASL + OpenLDAP.
> LDAP Database is the accounts container.
> And the system should support virtual domains.
> All the processes which accesses the LDAP database thru saslauthd.
> I am using the saslauthd's ldap Authentications mechanism to auth
> against LDAP.
> But afaik that there are two motheds to implement this feature.
> The first one is which i used.
> And the other one is saslauthd's pam authentications mechanism.
> It could works with pam_ldap to implement the auth against LDAP.
> But it have one more layer than the above mothed.
> Imho, i think that less layers more quick.


I'm using both versions on different servers and I can say they both work
very well for me. The pam way is more flexible if you have more than one
place where users are stored, say LDAP and MySQL, or you want to restrict
logins by other means like time or whatever.
The only problem I see with pam_ldap is with the cyrus-imapd virtual
domains. AFAIK it doesn't work for more than one domain because PAM
doesn't know about realms.


Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list