Hi Patrick, hm, I cannot really see the problem with authorization: My SQL
database doesn't contain any authorization information at all. Or do you mean
that a saslauthdb could contain users for different purposes (say, FTP server
access) who are not authorized for SOGo? For the latter I would recommend that
the authentication is done by SASL and the authorization by the PostgreSQL
table w/o the password field. However, obviously I have to accept that SOGo
does not currently support SASL. So I keep my configuration till SOGo comes to
support it ;) Thanks Mirko -----Ursprüngliche Nachricht----- Von: "Patrick Ben
Koetter" <[email protected]> Gesendet: Sep 9, 2010 11:56:06 PM An:
[email protected] Betreff: Re: [SOGo] Authentication against SASL >* Mirko Stoffers
: >> Hi Patrick, thanks for your reply. Yes, I also thought about that.
However, >> I'm not sure whether postgres is really a good source for
authentication. I >> think, postgres is more designed as a relational database
than a password >> storage, whilst the saslauthdb's only purpose is storing
passwords. In >> practice, when I insert the entries into the postgres database
with "insert >> into ... md5('...') ..." the passwords are shown on the screen
in clear and >> saved in the history file. That's why I would prefer using a
password >> storage (saslauthdb) for passwords. ;) Thanks, Mirko > >AFAIK SOGo
does not support SASL as authentication service because SOGo wants >more from
such as backend than only authentication. AFAIK SOGo wants >authorization too
and that is something SASL can't give you. > >So, to me, you are up to "use
PostgreSQL for all applications or use more than >one backend". If you want to
stick with both, but not maintain both, write a >script to generate a sasldb
from data taken from a PostgreSQL table. You could >even have a Python or Perl
listener hooked up to PostgreSQL recreating your >sasldb anytime data in the
PostgreSQL user table changes. > >p...@rick > > >>
============================= Patrick wrote: Mirko, * [email protected] : > >>
Hello community, for some reasons the mail I sent some hours ago did not > >>
make it neither to me nor to the archive. So I assume that it got lost > >>
somewhere and send it again this way. I apologize if my mail just was stuck >>
> somewhere. Here is the mail again: > Hello community, > > I am currently > >>
> setting up a SOGo installation for a small company. At least the mail > fu >>
> nctionality is working so far for now, so that I came to setting up all > >>
> the accounts. > > My exim and cyrus are configured to auth against SASL > >>
> (backend: saslauthdb), whilst SOGo auths against a postgres db. > >> >
Unfortunately, I didn't figure out how SOGo could auth against SASL which >> >
> would save me adding each user twice. > > So my questions: Does SOGo >> > >
support > SASL? What would you prefer instead? > > Thanks > > Mirko have >> > >
you considered doing it the other way around using PostgreSQL as auth >> > >
backend for SASL (and letting exim and cyrus SASL auth against a >> > >
PostgreSQL DB)? Something along these lines: # GENERIC options >> > >
pwcheck_method: auxprop auxprop_plugin: sql mech_list: plain login >> > >
cram-md5 digest-md5 # SQL auxprop plugin options sql_engine: pgsql >> > >
sql_hostnames: 127.0.0.1 sql_user: username sql_passwd: secret >> > >
sql_database: company sql_select: SELECT password FROM users WHERE user >> > >
= ´%...@´%r´ p...@rick -- state of mind Digitale Kommunikation >> > >
http://www.state-of-mind.de Franziskanerstraße 15 Telefon +4 >> 9 89 3090 4664
81669 München Telefax +49 89 3090 4666 Amtsgericht München
Partnerschaftsregister PR 563 >>
___________________________________________________________ >> WEB.DE DSL
SOMMER-SPECIAL: Surf & Phone Flat 16.000 für >> nur 19,99 €/mtl.!*
http://produkte.web.de/go/DSL-Doppel-Flatrate/2 > >> -- >> [email protected] >>
https://inverse.ca/sogo/lists > >> -- >> [email protected] >>
https://inverse.ca/sogo/lists > > >-- >state of mind >Digitale Kommunikation >
>http://www.state-of-mind.de > >Franziskanerstraße 15 Telefon +49 89 3090 4664
>81669 München Telefax +49 89 3090 4666 > >Amtsgericht München
Partnerschaftsregister PR 563 >
___________________________________________________________
WEB.DE DSL SOMMER-SPECIAL: Surf & Phone Flat 16.000 für
nur 19,99 €/mtl.!* http://produkte.web.de/go/DSL_Doppel_Flatrate/2
--
[email protected]
https://inverse.ca/sogo/lists
