don caprio skrev, on 22-12-2007 04:52: > I have Courier pop/imap installed on my CentOS 5 server. I'm using > postfixadmin for my user data base. > Postfix authentacation works ok using authdaemon. > > Can I use authdaemon as a backend to SASL or should > I use the mysql plugin and authenticate directly against my mysql data > base? I also see that it's possible to configure SASL to authenticate > using IMAP. > > I don't want to manage two user data bases one for > imap and teh over for SASL. > > Anyone have any recommendations or experience withg this?
Well, I can give you a parallel. I use a single replicated LDAP database to hold all my 1200 users for cross-site authentication for every service the site runs. Not just Postfix and Courier IMAP (and maildrop), but SquirrelMail (webmail), Windows (Samba), Linux Terminal Services (k12ltsp), Moodle (a school forums utility), OneOrZero (helpdesk utility) and much more. You can do the same with MySQL and Postfix/Courier IMAP. But several of the above utilities can't be configured with a MySQL backend. However, if you use cyrus-sasl's authdaemon for Postfix you'll be using the Cyrus SASL libraries built into Postfix, whereas Couriers authlib, used by Courier IMAP has its own SASL implementation. They can both use the same MySQL backend, though. But you have to configure Courier authlib for IMAP separately from Postfix/Cyrus. Using cyrus-sasl's authdaemon instead of auxprop will mean that you can only configure Postfix SASL for plain or login authentication; configuring for auxprop adds CRAM- and DIGEST-MD5. Courier authlib can be configured for CRAM-MD5 authentication as well as plain. Both can be configured for SSL/TLS encryption, which is a "must" if you're using plain or login authentication. If you have a large(ish) site and are just starting out, you might like to consider LDAP as a backend for authentication because there are so many other services (e.g. Samba) that just can't use a SQL backend. OTOH configuring LDAP (especially for auxprop) is generally considered a much steeper learning curve than MySQL. I have to have both (e.g. for SquirrelMail) for a couple of services. --Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
