Tony Finch wrote: > On Sun, 9 Jul 2006, Renaud Allard wrote: > >> All passwords are already stored in a kerberos server _AND_ a plaintext >> file (could be SQL, but this wouldn't change anything as this would be a >> plaintext store anyway). However, I still need 2 password's DB to >> provide all authentication possibilities. My goal is to have only one >> encrypted DB to hold all of the authentication data. And this DB has to >> be a kerberos server in order to provide GSSAPI auth. > > If you want Kerberos you need cyrus_sasl. >
I already compiled exim with cyrus_sasl and it works well with GSSAPI authentication. Exim also works well with cyrus_sasl for PLAIN, CRAM, LOGIN as they are available in cyrus. Dovecot also works well with PLAIN, LOGIN, GSSAPI, etc but doesn't use cyrus and isn't able to do PLAIN, LOGIN, CRAM with the kerberos authentication. So in my case, I have 2 databases to handle the passwords, one in plaintext for dovecot and exim for PLAIN, LOGIN, CRAM, and one on the kerberos server for GSSAPI. What that means is both databases should be treated differently based on the authentication scheme, which is very unpractical. Also, if passwords for GSSAPI are the same than plaintext ones, that means there is a plaintext file which contains all the principals passwords, which is IMHO a very bad idea. So, for the moment, I think I have 2 solutions: 1: switch to cyrus-imapd (which doesn't seem a good idea to me) 2: write a patch for dovecot which uses cyrus-sasl to mimic exim's behaviour Conclusion: I don't think this is an exim related problem anymore :)
signature.asc
Description: OpenPGP digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
