Saslauthd and 2 authentication mechanism

Igor Brezac igor at ipass.net
Fri Jul 1 09:38:41 EDT 2005


On Fri, 1 Jul 2005, Paul van der Vlis wrote:

> Andrew Morgan schreef:
>>
>> On Thu, 30 Jun 2005, Paul van der Vlis wrote:
>>
>>> Igor Brezac schreef:
>>>
>>>>
>>>> On Wed, 29 Jun 2005, Paul van der Vlis wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I want to use 2 authentication mechanisms with Saslauthd. When the
>>>>> first
>>>>> one gives "no", it should try the other one.
>>>>>
>>>>> The man-page says: "saslauthd supports one or more 'authentication
>>>>> mechanisms',
>>>>
>>>>
>>>> This does not say that you can use more than one concurrently.
>>>>
>>>> You can use only one at a time.
>>>
>>>
>>> Are you really sure? This is important for me.
>>>
>>> /etc/defaults/saslauthd in Debian says:
>>>
>>> # You must specify the authentication mechanisms you wish to use.
>>> # This defaults to "pam" for PAM support, but may also include
>>> # "shadow" or "sasldb", like this:
>>> # MECHANISMS="pam shadow"
>>>
>>> I want to use "pam ldap".
>>
>>
>> As an alternative, if you are already using pam why not use the pam_ldap
>> module in your pam config?
>
> Saslauthd with pam seems to be the more-stable and flexable alternative.

It is more flexible, but not more stable (see archives), performance is 
suspect as well.

>
> Is it possible in pam to use more then one module?

Yes.

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list