Am Donnerstag 13 November 2008 21:21:56 schrieb Dan White: > Andreas Winkelmann wrote: > > Am Mittwoch 12 November 2008 18:28:32 schrieb Dan White: > >> Veit Wahlich wrote: > >>> I authenticate a Cyrus imapd through saslauthd's PAM authmech. > >>> Now I'd like to define a secondary imap service in cyrus.conf not > >>> accessing /etc/pam.d/imap but another PAM config file such > >>> as /etc/pam.d/imap-external. > >>> The goal is to have two imapds running (bound to different IPs or TCP > >>> ports) with different PAM auth service configs for internal and > >>> external access. > >>> > >>> Is there a configuration option in imapd.conf or so to control which > >>> PAM file is being accessed by saslauthd for a service? > >> > >> Veit, > >> > >> This was just discussed on the cyrus-imapd list: > >> > >> http://www.mail-archive.com/info-cyrus@xxxxxxxxxxxxxxxxxxxx/msg36412.htm > >>l > > > > Unfortunately this will not help the OP. Yes, this would use separate > > saslauthd-Services for the two imap-Daemons, but unfortunately the > > Servicename which is used to connect to saslauthd is hardcoded in each > > Daemon. For imapd this is "imap". And this Servicename is interesting for > > the pam.d/file. > > Thank for the correction. I suppose a work around might be to run one of > the saslauthd's in a chrooted environment, with a separate set of pam > libraries and configs. Yes, that would be possible. Of course this depends on the pam-Config. If the OP wants to use pam to connect to other Daemons (mysql, ldap, kerberos) this may need to do changes to these Daemons as well. -- Andreas
