Saslauthd and 2 authentication mechanism
Andrew Morgan
morgan at orst.edu
Fri Jul 1 12:50:26 EDT 2005
On Fri, 1 Jul 2005, Igor Brezac wrote:
>> Saslauthd with pam seems to be the more-stable and flexible alternative.
>
> It is more flexible, but not more stable (see archives), performance is
> suspect as well.
>
>>
>> Is it possible in pam to use more than one module?
>
> Yes.

Here is what my /etc/pam.d/imap file contains:

    auth sufficient pam_unix.so
    auth required pam_ldap.so
    account sufficient pam_unix.so
    account required pam_ldap.so

Also, I would recommend running saslauthd as:

    saslauthd -n0 -a pam

The -n0 tells saslauthd to fork a new process for each authentication
request. This prevents memory leaks in the pam libraries from accumulating
in saslauthd, although it does add some more overhead to the
authentication process. We haven't noticed any performance problems here.
I'm sure straight ldap (non-pam) is faster, but not enough to make a
difference for us.

Andy
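
The /etc/pam.d/imap stack quoted above, traced through a simplified Python model of the Linux-PAM control flags. This is an added example, not part of the original message and not Cyrus or PAM code; the module outcomes are constructed inputs, and only the required, requisite, sufficient and optional keywords are modelled.

```python
# Simplified model of Linux-PAM control-flag evaluation (added illustration).
# Module outcomes are constructed inputs; no real PAM module is called.
PAM_IMAP = """\
auth sufficient pam_unix.so
auth required pam_ldap.so
account sufficient pam_unix.so
account required pam_ldap.so
"""

def parse(text):
    """Return [(type, control, module), ...] from pam.d-style lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line:
            rules.append(tuple(line.split()[:3]))
    return rules

def run_stack(rules, mtype, results):
    """Evaluate the stack for one type ("auth", "account", ...).
    results maps module name -> True/False. Returns (granted, modules_called)."""
    failed = False       # a required module has already failed
    succeeded = False    # some module has contributed a success
    called = []
    for rtype, control, module in rules:
        if rtype != mtype:
            continue
        ok = results[module]
        called.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, called       # short-circuit: later modules never run
            # otherwise the result of a sufficient module is ignored
        elif control == "requisite":
            if not ok:
                return False, called      # fail immediately
            succeeded = True
        elif control == "required":
            succeeded, failed = succeeded or ok, failed or not ok
        elif control == "optional":
            succeeded = succeeded or ok   # a failure here is ignored
        else:
            raise ValueError("unsupported control flag: " + control)
    return succeeded and not failed, called

if __name__ == "__main__":
    rules = parse(PAM_IMAP)
    for unix_ok, ldap_ok in [(True, False), (False, True), (False, False)]:
        outcome = {"pam_unix.so": unix_ok, "pam_ldap.so": ldap_ok}
        print(outcome, "->", run_stack(rules, "auth", outcome))
```

With this ordering, a password that matches a local account is accepted by pam_unix.so and pam_ldap.so is never consulted for that request; every other login depends on pam_ldap.so alone.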