folx, On Sat, 7 Dec 2002, [EMAIL PROTECTED] wrote:
> Michael Fuller wrote: > > > > Hi all, > > > > I need to implement Qmail with LDAP authentication and Webmail. What is the > > right path ? > > > > 1. Qmail + Qmail-LDAP patch + Sqwebmail > > You need qmail + qmail-ldap for the mta (at least). i don't agree. qmail+qmail-ldap is one way to do it, but in my opinion it duplicates a bunch of common code that already exists on PAM-capable OSes (like linux & solaris). if you use a PAM-capable OS and just configure the OS to authenticate and authorize users out of LDAP, qmail sees them as standard users (all of the standard C library functions for things like getuid gateway to PAM which gateways to LDAP). to be fair, there are at two good reasons for not using PAM as far as i can tell: 1) you are using OpenBSD for its security properties. in spite of the ongoing debacle that was OpenSSh last winter and much of this year, OpenBSD is still more secure than most OSes out there. it doesn't support PAM (probably because PAM is hard to code securely and hard to code at all). 2) you are using a PAM-capable OS but you trust the qmail-ldap patch's implementation of LDAP authentication/authorization more than you trust the PAM implementation. You're trying to reduce your exposure. this is a judgement call for you to make. i personally would rather use PAM-LDAP than add *huge* amounts of code from various sources to an otherwise extremely secure product (qmail), but YMMV. > Both, sqwebmail and courier use a standalone authentication daemon, you can use > the same for both. > If you compile and configure the daemon correctly, once done, both courier-imap > (imap and pop) and sqwebmail work fine, authenticating over ldap. > Read courier and sqwebmail documentation and faq. both excellent points. an imap daemon is definitely the easiest way to get webmail working and its not listed in the toolchain above. t. -- todd underwood, vp & cto oso grande technologies, inc. [EMAIL PROTECTED] "Those who give up essential liberties for temporary safety deserve neither liberty nor safety." - Benjamin Franklin
