On Tue, 24 Jun 2003, Bobby R. Cox wrote:

> > > Hoping to draw from others' current/past experience. What would you
> > > suggest to be the best way to authenticate mail users at the ISP level.
> >
> > Can you be more specific? Are you asking about database backends, client
> > authentication, etc?
>
> I guess I would have to say whichever is most efficient as well as ease of
> implementation. We currently use OpenLDAP.

Being a school, our setup will be a bit different than for an ISP. Users have accounts on multiple machines, we do no hosting and have only one domain, etc.

OpenLDAP is our backend, and multiple machines and programs authenticate against it. PAM is used for authentication, NSS for resolving user names, rather than having virtual users. So every user is "real" on the mail server, but since only the imap and pop services in /etc/pam.d are set up to use ldap, users can only check mail, not log in any other way (except for us admins in /etc/passwd). If LDAP is working well for you, there's probably no need to use a different database type.

User authentication for sending (relaying) mail is through just being on-campus or having checked mail recently (pop-before-smtp). We're currently looking at moving to smtp auth, which is more secure and, after initial setup, easier for most people.

If you have more questions and don't think there's enough interest here, feel free to email me off-list. I'm inclined to think that people want to see what can be done with a Linux system. (I suppose it is off-topic - our servers are Debian Woody.)

--
Marshal Newrock, Simon's Rock College of Bard
Caution: product may be hot after heating
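The relay decision described above (on-campus, or mail checked recently), sketched as an added example that is not part of the original post or the poster's configuration. The log format, the campus range 192.0.2.0/24, the 30-minute window and the names build_table and may_relay are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed log format for this example, not any real daemon's output:
#   <ISO timestamp> <pop3|imap> login <ok|failed> user=<name> ip=<address>
LOGIN_OK = re.compile(
    r"^(?P<ts>\S+) (?:pop3|imap) login ok user=(?P<user>\S+) ip=(?P<ip>\S+)$")

CAMPUS_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed campus range
WINDOW = timedelta(minutes=30)                     # assumed validity window

# Constructed sample log lines.
SAMPLE_LOG = """\
2003-06-24T09:00:00 pop3 login ok user=alice ip=198.51.100.7
2003-06-24T09:05:00 imap login failed user=bob ip=203.0.113.9
2003-06-24T09:10:00 imap login ok user=carol ip=198.51.100.40
"""

def build_table(log_text):
    """Map client IP -> time of its most recent successful POP/IMAP login."""
    table = {}
    for line in log_text.splitlines():
        m = LOGIN_OK.match(line.strip())
        if m:  # failed logins and unrelated lines never grant relay rights
            ts = datetime.fromisoformat(m["ts"])
            table[m["ip"]] = max(ts, table.get(m["ip"], ts))
    return table

def may_relay(table, client_ip, now):
    """Return the reason relaying is allowed, or None to refuse."""
    if ipaddress.ip_address(client_ip) in CAMPUS_NET:
        return "on-campus"
    last = table.get(client_ip)
    # The decision is keyed on the IP address alone: any client behind the
    # same address inherits the permission until the window expires, which
    # is the gap that per-user SMTP AUTH closes.
    if last is not None and timedelta(0) <= now - last <= WINDOW:
        return "recent-login"
    return None

if __name__ == "__main__":
    t = build_table(SAMPLE_LOG)
    now = datetime.fromisoformat("2003-06-24T09:20:00")
    for ip in ("192.0.2.15", "198.51.100.7", "203.0.113.9"):
        print(ip, may_relay(t, ip, now))
```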
