El 16/6/21 a les 0:04, Vladislav Kurz ha escrit:
Hello,
I have several working Cyrus installations authenticated against AD, but I do
not use LDAP. Instead it authenticates via kerberos. To be more precise:
Cyrus/Exim -> Saslauthd -> PAM -> pam_krb5.so -> AD
Is there some advantage using pam_krb5 instead of pam_ldap/pam_winbind
or "saslauthd -a ldap"?
For distribution groups, aliases and such stuff I use LDAP queries in Exim. But
kerberos for authentication
Unfortunately kerberos does not give you groups. Maybe you could use winbind
and libnss-winbind to get groups from AD to Linux and use them as if they were
in /etc/group...
that's what I do, but then I don't have many active users and my DC is
samba not windows (though that shouldn't matter as long as the mail
server is joined to the domain).
Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007
------------------------------------------
Cyrus: Info
Permalink:
https://cyrus.topicbox.com/groups/info/T1c604a219c5fa805-M46c85ef59b86ddec497ab02e
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
