Whoa there! Did I open up a can of worms :-). Okay, from what I understand, PAM and NSS will require system accounts, wouldn't they? Then I might have to worry about OS level security also. With "virtual" accounts in LDAP, I feel there is no security risk from these users. Am I right?

Regards,
Michael fuller

----- Original Message -----
From: "raymond" <[EMAIL PROTECTED]>
To: "Todd Underwood" <[EMAIL PROTECTED]>; "Qmail LDAP Forum" <[EMAIL PROTECTED]>
Sent: Monday, December 09, 2002 9:17 PM
Subject: Re: Integrating Qmail with LDAP

> Now that the dead horse is now also cold, I'd like to get a few licks in by
> mentioning that it's also easier to host mail for a lot of domains with
> qmail-ldap. Also, it's nice to be able to have the same username at separate
> domains be entirely different accounts that authenticate w/ the full email
> address. Not to mention [EMAIL PROTECTED] Or... If
> you're especially lazy, the convenience and simplicity of phpQLAdmin. This
> tool is so simple you can offload most of your grunt work on any willing
> flunky. Also, with qmail-ldap you are free to use your system uid/gid to
> enforce disk quotas on a per domain or per organization basis. Oh, and it's
> probably faster too. ; )
>
> -ray.
>
> On Sunday 08 December 2002 07:44 am, Todd Underwood wrote:
> > dan, all,
> >
> > On Sat, 7 Dec 2002, Dan Melomedman wrote:
> > > > i guess it depends upon what you mean by flexibility. you're right,
> > > > the mailalternateaddress functionality of qmail-ldap is nice. on the
> > > > other hand, the fact that i get configurability of various kinds of
> > > > authentication and authorization for *all* system services out of PAM
> > > > is also nice.
> > >
> > > Not all system services may be written to support PAM. Also PAM and NSS
> > > are confused often. PAM means the pamified service is linked to the PAM
> > > library, and is using the PAM API. NSS is a different story.
> >
> > an excellent point and one that has not been clear in the discussion thus
> > far: probably all most users care about is nss, not necessarily pam.
> >
> > on the other hand, many linux distributions PAMify every system service
> > already anyway, so again it depends on what you start with. i agree that
> > if you didn't have an OS that had all system services PAMified (linked
> > with the PAM library) then it would be a royal pain (and probably a
> > security mistake) to do so.
> >
> > > > so you don't have data on the performance of LDAP authentications
> > > > against PAM. too bad. i was hoping to see some. anyway, we'll throw
> > > > out the "faster" claim that you made about qmail-ldap until we see
> > > > those data.
> > >
> > > I don't, since I could really care less. I know I'll have less headaches
> > > if I don't use PAM in the first place.
> >
> > that's fine. you were the one who said that qmail-ldap was "Faster". i
> > tried to verify that claim and couldn't. you can't either and now you say
> > that you don't care how fast it is. so we can stop talking about what is
> > "Faster" until someone posts some numbers.
> >
> > > > the additional amount of code needed to support PAM on a system that
> > > > comes bundled with it is 0. the additional amount of code needed to
> > > > support LDAP in qmail is >0.
> > >
> > > Not with qmail. Qmail would need to be patched to support PAM. If you
> > > mean NSS, then I agree.
> >
> > you're right. i really mean nss here.
> >
> > t.
>
> --
> Snow White has become a camera buff. She spends hours and hours
> shooting pictures of the seven dwarfs and their antics. Then she
> mails the exposed film to a cut rate photo service. It takes weeks
> for the developed film to arrive in the mail, but that is all right
> with Snow White. She clears the table, washes the dishes and sweeps
> the floor, all the while singing "Someday my prints will come."
