how to authenticate on localhost without password?
Dan White
dwhite at olp.net
Mon Feb 27 11:53:16 EST 2012
On 02/27/12 10:32 -0600, Dan White wrote:
>Another option would be to utilize SASL EXTERNAL authentication to
>authenticate your users, locally, based on peercred. Cyrus IMAP does not
>currently have support for external auth, but I'm attaching a Linux
>specific patch, against cyrus 2.3.12, which works for me.
>
>I'm not sure how your spam processing fits into the picture, but your
>spawned processes will need to function as IMAP clients, and will need to
>be able to select the GSSAPI or EXTERNAL SASL mechanisms to use either of
>the above scenarios.
I forgot to mention that to use the EXTERNAL mechanism in this way, you'll
need to spawn an imapd process on a unix socket. E.g., in /etc/cyrus.conf:
imapunix cmd="imapd -U 30" listen="/var/run/cyrus/socket/imap"
And your IMAP client will need the capability to speak to an IMAP server
over that unix socket, like:
socat -d READLINE /var/run/cyrus/socket/imap
(c01 AUTHENTICATE EXTERNAL)
--
Dan White
More information about the Info-cyrus
mailing list