Hey Demi:
I would start with sql authentication for DBMail and rimap for MTA
authentication. I believe you are on the right track. Certainly you can use
auxprop/sql ("pam mySQL") although its installation has some twists and
turns.
I imagine using LDAP for small systems where other applications need to
read-write a directory of simple data which is shared among apps. You have
suggested eGroupWare. I can see DBMail w/LDAP-auth (2.2 later this year)
getting the nod because it can fit an environment already having a populated
LDAP directory, IOW integrating with DBMail from an existing LDAP setup.
There is no way I would want the extra layer of LDAP on a 900-thousand
mailbox system though! It's a customization/extensibility thing. And the
database vs directory argument I am sure will continue among the
unenlightened ;o) SQL is emerging as a strong language and computing is
becoming less and less namespace-focussed and more object-oriented without
geo-awareness == directory loses, database wins. Meanwhile there are
still gazillions of existing data directories (LDAP). I won't be struggling
with that decision--SQL/RDBMS-everything.
Don't read too much into the name "rimap" but instead just consider it to be
one of the mechanisms (methods) used by the SASL authentication server
(saslauthd).
(Arguably Remote IMAP is a misnomer in your case because you are
authenticating on the same host.) "ldap" is another method (answering your
other question) and MECHANISMS="ldap blah blah" can be used with parameters
as set out in the dist file "LDAP_SASLAUTHD". This is all independent of
DBMail and in the case of MECHANISMS="rimap -O localhost", the SASL
authentication server will work on any IMAP4 server.
The saslauthd daemon knows to use IMAP syntax from the instruction,
"MECHANISMS="rimap -O localhost"" in its config which says "forward
authentication requests to localhost:143" (but could be a remote host
specified by the -O flag as in "rimap -O 192.168.1.1"). The connection is
made to the DBMail IMAP server and the LOGIN command with supplied
credentials is issued. If LOGIN succeeds the requested connection (MTA SMTP)
is authenticated. The IMAP connection is closed upon receipt of the tagged
response from the 'LOGIN'. Concomitantly, authentication fails if LOGIN is
rejected.
best...
Mike
----- Original Message -----
From: "Demi" <[EMAIL PROTECTED]>
To: "DBMail mailinglist" <[email protected]>
Sent: Friday, April 28, 2006 2:48 AM
Subject: Re: [Dbmail] pam setup
On 4/27/06, M. J. [Mike] O'Brien <[EMAIL PROTECTED]> wrote:
It would seem that 'rimap' is the simplest authentication
method. You are asking saslauthd to do the IMAP login
request for an SMTP authentication. It's fast and it's good.
Hi Mike
I figured I'd send you the Debian way for your wiki aka manual, but you
guessed it, that's not all; I have some questions.
What is the ANONYMOUS for in 'mech_list: PLAIN LOGIN ANONYMOUS'?
And
you said with rimap we are authenticating against imap.
Does that mean it goes like this?
saslauthd
-->rimap
---->imap
-------->mysql answer OK or NOPE
------------->imap
----------------->rimap
---------------------->saslauthd
Does that also work with LDAP?
See, my plan is to have LDAP as the user DB so I was OK with
pam-mySQL for now till dbMail is ready to go production with the LDAP
module.
I mainly am going to move my xoops users over to this server and xoops
is going LDAP. I am also setting up egroupware which is also OK with
LDAP.
Now tell me, is this rimap thing still ok for my setup?
We are having sasl in postfix because we are running it chrooted:
nano /etc/postfix/sasl/smtpd.conf
mech_list: PLAIN LOGIN ANONYMOUS
pwcheck_method: saslauthd
nano /etc/default/saslauthd
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
#MECHANISMS="pam"
MECHANISMS="rimap -O localhost"
--
Demi
_______________________________________________
Dbmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
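
Added example (not part of the original thread, and not saslauthd's or DBMail's own code): a Python sketch of the rimap exchange Mike describes, in which the checker connects to an IMAP server, issues LOGIN with the supplied credentials, and accepts only on a tagged OK. The stand-in server, the account in USERS, the tag "A01" and the function names are assumptions made for this illustration; credentials containing CR, LF or NUL are refused so they cannot end the LOGIN line early and inject a second IMAP command.

```python
import hmac, shlex, socket, socketserver, threading

USERS = {"demi": "s3cret pass"}   # constructed account for the stand-in server
TAG = "A01"                       # arbitrary IMAP command tag (assumption)

def quote(s):
    """IMAP quoted string; CR/LF/NUL are refused so a credential cannot
    terminate LOGIN early and smuggle in a second command."""
    if any(c in s for c in "\r\n\0"):
        raise ValueError("illegal character in credential")
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

class FakeImap(socketserver.StreamRequestHandler):
    """Stand-in for the DBMail IMAP server: greeting, one LOGIN, tagged reply."""
    def handle(self):
        self.wfile.write(b"* OK stand-in IMAP4rev1 ready\r\n")
        parts = shlex.split(self.rfile.readline().decode())
        ok = (len(parts) == 4 and parts[1].upper() == "LOGIN"
              and parts[2] in USERS
              and hmac.compare_digest(USERS[parts[2]], parts[3]))
        tag = parts[0] if parts else "*"
        self.wfile.write(f"{tag} {'OK' if ok else 'NO'} LOGIN\r\n".encode())

def start_fake_imap():
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeImap)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def rimap_check(host, port, user, password, timeout=5):
    """True only if the server answers the tagged LOGIN with OK."""
    try:
        cmd = f"{TAG} LOGIN {quote(user)} {quote(password)}\r\n".encode()
    except ValueError:
        return False
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rb") as f:
        if not f.readline().startswith(b"* OK"):
            return False             # no IMAP greeting: fail closed
        s.sendall(cmd)
        for line in f:               # skip untagged "* ..." lines
            if line.startswith(TAG.encode() + b" "):
                return line.upper().split()[1:2] == [b"OK"]
    return False                     # connection closed without tagged reply

if __name__ == "__main__":
    srv = start_fake_imap()
    port = srv.server_address[1]
    print(rimap_check("127.0.0.1", port, "demi", "s3cret pass"))
    print(rimap_check("127.0.0.1", port, "demi", "wrong"))
    srv.shutdown()
```

IMAP LOGIN carries the password in clear text, so the "-O localhost" form keeps it on the loopback interface, while pointing -O at a remote host on port 143 exposes it on the wire unless the link is protected by other means.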