Authenticating virtual domain users with saslauthd
igor at ipass.net
Thu Jun 23 12:01:57 EDT 2005
On Thu, 23 Jun 2005, Etienne Goyer wrote:
> I would like to authenticate virtual domain users using saslauthd. I
> want the possibility to have the same username in more than one domain
> (ie etienne at example.com and etienne at test.com). I will probably use LDAP
> as authentication backend, but this remain to be decided.
> Right now, for testing, I have saslauthd configured for PAM with shadow.
> I have a user etienne, and login is successful for any combination of
> etienne at domain. I suppose saslauthd strip the @domain part, which would
No. Your application does it, libsasl in particular. It is actaully not
stripped; the domain part is passed in as a separate parameter (realm) to
saslauthd. shadow auth mechanism does not use the realm parameter.
> break my setup when authenticating user from different domain with the
> same "username" (part before the @).
Start saslauthd -r ... (Read saslauthd man page for more)
> If I use LDAP, my users would be in different OU. Ideally, I could tell
> saslauthd to authenticate users from example.com in ou=exemple.com, etc.
> Is this possible somehow ?
> Peripheric question : which syslog facility do saslauthd is logging to,
> and at what level for authentication success ?
> Thanks for your input. Please ask for clarification if I am not clear
> Etienne Goyer
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus