Re: admin authentication

Farzad FARID <ffarid@xxxxxxxxxxxxxxxxxxxx> · Mon, 25 Sep 2006 13:51:34 +0200

Marten Lehmann wrote:
Hello,

we will use LDAP through saslauthd to authenticate our users.

Is there a way to authenticate admin-users a different way at the same
time? Best would be to hardcode a md5-password within the imapd.conf or
to use /etc/passwd for that. But I don't want to pass everything
through PAM just to authenticate the admin user.

Hi,

You can use saslauthd/LDAP for your users and a local sasldb2 file for
your admins. You don't need PAM at all.

I use both LDAP and sasldb with these config lines:

  sasl_pwcheck_method: auxprop saslauthd
  sasl_auxprop_plugin: sasldb

The following commands, sasldblistusers2 & saslpasswd2, can be used
to administer the /etc/sasldb2 file.

With this configuration you will have the added benefit of digest-md5
or cram-md5 authentication for your admins (but not for LDAP users
AFAIK, unless using cleartext password in the LDAP directory, which I
wouldn't do).

 Regards

-- 
Farzad FARID <ffarid@xxxxxxxxxxxxxxxxxxxx>
Architecte Open Source / Pragmatic Source
http://www.pragmatic-source.com/

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html