cyrus mailbox authentication changing from NIS to LDAP
Dan White
dwhite at olp.net
Fri Sep 18 12:29:56 EDT 2015
On 09/18/15 15:48 +0100, Sunny wrote:
>Hi,
>
>I've inherited a cyrus mail server and I'm currently learning how it's
>setup and would like some advice changing from a NIS to LDAP
>authentication.
>
>At the moment, the imap server uses NIS to authenticate ssh
>connections and I believe to also authenticate users to their
>mailboxes
>
>imapd.conf
>sasl_pwcheck_method: *saslauthd*
>sasl_mech_list: PLAIN
>
>/etc/sysconfig/saslauthd
>MECH=*pam*
>
>From the above output I believe that cyrus will use the pam service to
>lookup authentication information to authenticate a users cyrus
>mailbox.
Correct.
>I want the imap server to use LDAP (via sssd) for ssh authentication
>and authenticating users to their mailboxes.
>
>If I configure the mail server to use sssd (also stop NIS) and update
>/etc/pam.d/system-auth with the required pam_sss.so entries, does
>anyone know or have experience if this change will allow users to
>authenticate to their mailboxes using LDAP?
Do you have imap/pop/etc. specific pam configuration (e.g.
/etc/pam.d/imap)?
If not, then it's likely that be all you need to do, with regards to cyrus
services.
As a test, you could created a dummy service pam configuration, such as
/etc/pam.d/willthiswork, with your ldap/sssd configuration, then then run
testsaslauthd with '-s willthiswork ...'.
--
Dan White
More information about the Info-cyrus
mailing list