saslauthd+pam+pam_ldap VS saslauthd+ldap

[Simon Matter]

> Hi,
>
> I have been working on a Mail System for several days.
> I used Postfix + Cyrus-IMAPd + Cyrus-SASL + OpenLDAP.
> LDAP Database is the accounts container.
> And the system should support virtual domains.
> All the processes which accesses the LDAP database thru saslauthd.
>
> I am using the saslauthd's ldap Authentications mechanism to auth
> against LDAP.
>
> But afaik that there are two motheds to implement this feature.
>
> The first one is which i used.
> And the other one is saslauthd's pam authentications mechanism.
> It could works with pam_ldap to implement the auth against LDAP.
> But it have one more layer than the above mothed.
>
> Imho, i think that less layers more quick.

Hi,

I'm using both versions on different servers and I can say they both work
very well for me. The pam way is more flexible if you have more than one
place where users are stored, say LDAP and MySQL, or you want to restrict
logins by other means like time or whatever.
The only problem I see with pam_ldap is with the cyrus-imapd virtual
domains. AFAIK it doesn't work for more than one domain because PAM
doesn't know about realms.

Simon


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html