Hello

We're using this pam_cas module (tested on CentOS 7 & 8):
https://github.com/EsupPortail/esup-pam-cas

On cyrus frontend, cyrus-sasl is running with MECH="pam"

/etc/pam.d/imap:
#%PAM-1.0
auth       sufficient   pam_cas.so -simap://<CYRUS-FRONTEND> -f/etc/pam_cas.conf
auth       sufficient   pam_ldap.so
account    sufficient   pam_ldap.so
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth

With that, it's OK for Webmail+CAS and Thunderbird/Outlook (authenticated against LDAP).

Hope it helps you.
Ismaël Tanguy
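
The following is an added example, not part of the original message or of the esup-pam-cas project: a simplified model of how Linux-PAM evaluates the auth lines of the /etc/pam.d/imap file above, showing which modules are actually called for a CAS ticket, an LDAP password, and a wrong password. The contents of password-auth are not shown in the post, so a two-line constructed stand-in is assumed.

```python
# Simplified model of Linux-PAM control flags: sufficient, required, requisite, include.
FILES = {
    "imap": """#%PAM-1.0
auth       sufficient   pam_cas.so -simap://<CYRUS-FRONTEND> -f/etc/pam_cas.conf
auth       sufficient   pam_ldap.so
account    sufficient   pam_ldap.so
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth
""",
    # Constructed stand-in (assumption): the post does not show password-auth.
    "password-auth": """auth sufficient pam_unix.so
auth required pam_deny.so
""",
}

def parse(name, facility="auth"):
    """Return [(control, module)] for one facility, expanding include lines."""
    stack = []
    for raw in FILES[name].splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3 or fields[0] != facility:
            continue
        if fields[1] == "include":
            stack.extend(parse(fields[2], facility))  # include splices lines in
        else:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, succeeds):
    """succeeds: set of modules returning PAM_SUCCESS; all others fail.
    Returns (authenticated, modules_called_in_order)."""
    called, required_ok, required_failed = [], False, False
    for control, module in stack:
        called.append(module)
        ok = module in succeeds
        if control == "sufficient":
            if ok and not required_failed:
                return True, called      # success ends the stack immediately
        elif ok:                          # required / requisite succeeded
            required_ok = True
        else:
            required_failed = True
            if control == "requisite":
                break                     # requisite failure ends the stack
    return required_ok and not required_failed, called
```

With a valid CAS ticket or LDAP password the stack returns at the first successful sufficient line, so pam_nologin.so and password-auth are only reached when both pam_cas.so and pam_ldap.so fail.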

On 15/06/2021 at 10:19, Luca Olivetti wrote:
My users access the server either with thunderbird or with SOGo (https://www.sogo.nu).

I configured cyrus to authenticate with saslauthd in ldap mode, i.e:

sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb
sasl_minimum_layer: 0
sasl_mech_list: anonymous login plain  sasldb

(auxprop is for the cyrus user which is not in ldap).

With SOGo I'm currently using basic auth, so SOGo can use the same credentials to login into cyrus and sieve, but I'm testing an SSO solution based on lemonldap.

Lemonldap can fake basic auth and that works, but I'd like to use either saml or cas.

There's a pam module for cas (https://github.com/atiti/pam_cas-reloaded) and a pam/sasl module for saml (crudesaml https://github.com/univention/crudesaml), but I only see documentation on how to use them with dovecot.

Has anybody used either one with cyrus instead? How?

TIA

Bye
--


------------------------------------------
Cyrus: Info
Permalink: 
https://cyrus.topicbox.com/groups/info/T5559395186250041-M45954c69182043fb896ed825