i don't agree. qmail+qmail-ldap is one way to do it, but in my opinion it
duplicates a bunch of common code that already exists on PAM-capable OSes
(like linux & solaris). if you use a PAM-capable OS and just configure
the OS to authenticate and authorize users out of LDAP, qmail sees them as
standard users (all of the standard C library functions for things like
getuid gateway to PAM which gateways to LDAP).

to be fair, there are at two good reasons for not using PAM as far as i
can tell:

1) you are using OpenBSD for its security properties. in spite of the
2) you are using a PAM-capable OS but you trust the qmail-ldap patch's
implementation of LDAP authentication/authorization more than you trust

b.

Or, perhaps the more obvious reason that you don't want to give all of your users PAM access. This is the case on the systems that I've configured, where some shell access (authenticated via PAM-LDAP) is necessary, but most users are simply pop/imap/webdav users, and as such don't even need system uid/gid's.
