Hi, I'm moving my personal mail-service to a new machine and have the luxury of being able to completely redo where data is stored without having to worry about backwards compatibility. I'd like to be able to use LDAP for storing groups and to allow canonicalisation of a userid to a standard form and preferably also storing the mail password used for DIGEST-MD5, whilst using Kerberos too. If there's a way to map user TLS certificates to a userid for EXTERNAL auth too, I'd be near ecstatic. At the moment I use Kerberos, sasldb and /etc/group with Cyrus IMAP 2.2.12; the new install is running 2.3.7. I'm happier storing cleartext passwords to allow secure wire authentication protocols, so saslauthd is not feasible (as I understand matters). As near as I can figure, ptloader can handle the canonicalisation but not the authentication, for which I can just use the built-in LDAP support once the userid has been canonicalised by ptloader. Is this correct? Does anyone have any examples of a working configuration for something like this, which they can share, please? Or pointers on ways to go or things to avoid (eg, because it's deprecated). Thanks, -Phil ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
