cyrus mailbox authentication changing from NIS to LDAP

Dan White dwhite at
Fri Sep 18 12:29:56 EDT 2015

On 09/18/15 15:48 +0100, Sunny wrote:
>I've inherited a cyrus mail server and I'm currently learning how it's 
>setup and would like some advice changing from a NIS to LDAP 
>At the moment, the imap server uses NIS to authenticate ssh 
>connections and I believe to also authenticate users to their 
>sasl_pwcheck_method: *saslauthd*
>sasl_mech_list: PLAIN
>From the above output I believe that cyrus will use the pam service to 
>lookup authentication information to authenticate a users cyrus 


>I want the imap server to use LDAP (via sssd) for ssh authentication 
>and authenticating users to their mailboxes.
>If I configure the mail server to use sssd (also stop NIS) and update 
>/etc/pam.d/system-auth with the required entries, does 
>anyone know or have experience if this change will allow users to 
>authenticate to their mailboxes using LDAP?

Do you have imap/pop/etc. specific pam configuration (e.g.

If not, then it's likely that be all you need to do, with regards to cyrus

As a test, you could created a dummy service pam configuration, such as
/etc/pam.d/willthiswork, with your ldap/sssd configuration, then then run
testsaslauthd with '-s willthiswork ...'.

Dan White

More information about the Info-cyrus mailing list