Nikola Milutinovic wrote:
Igor Brezac wrote:
On Sun, 21 Nov 2004, Dick Davies wrote:
* Vernon A. Fort <[EMAIL PROTECTED]> [1136 15:36]:
I have squid and samba authenticating by active directory and was trying
to figure out the best approach in getting the cyrus-imap accounts to
auth via active directory as well.
Can someone point me in the right direction - I cannot find an configuration example for cyrus-imap or cyrus-sasl.
Best way is probably to have cyrus auth via saslauthd, then saslauthd in turn talk to PAM, and use pam_ldap.
You can also use saslauthd built-in ldap or kerberos5 authentication mechanisms.
You can use also GSSAPI SASL plugin. Let me clarify.
This is a story about authentication. There are two things to consider.
1. How are your IMAP clients going to authenticate to the server 2. How does your infrastructure provide authentication
IMAP protocol uses SASL, which in turn has several defined mechanisms:
1. PLAIN 2. CRAM-MD5, DIGEST-MD5 3. KERBEROS_IV, GSSAPI 4. EXTERNAL 5. OTP 6. NTLM ...
Of these, only PLAIN (and perhaps OTP) is relay-able,
NTLM (Outlook calls it SPA) is relayable and the Cyrus SASL implementation will do this with a domain controller when configured.
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
