admin authentication

Farzad FARID ffarid at pragmatic-source.com
Mon Sep 25 07:51:34 EDT 2006


Marten Lehmann wrote:
> Hello,
>
> we will use LDAP through saslauthd to authenticate our users.
>
> Is there a way to authenticate admin-users a different way at the same
> time? Best would be to hardcode a md5-password within the imapd.conf
> or to use /etc/passwd for that. But I don't want to pass everything
> through PAM just to authenticate the admin user.
>
Hi,

You can use saslauthd/LDAP for your users and a local sasldb2 file for
your admins. You don't need PAM at all.

I use both LDAP and sasldb with these config lines:

    * sasl_pwcheck_method: auxprop saslauthd
    * sasl_auxprop_plugin: sasldb

The following commands, sasldblistusers2 & saslpasswd2, can be used to
administer the /etc/sasldb2 file.

With this configuration you will have the added benefit of digest-md5 or
cram-md5 authentication for your admins (but not for LDAP users AFAIK,
unless using cleartext password in the LDAP directory, which I wouldn't do).

 Regards

-- 
Farzad FARID <ffarid at pragmatic-source.com>
Architecte Open Source / Pragmatic Source
http://www.pragmatic-source.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20060925/36f7700d/attachment.html


More information about the Info-cyrus mailing list