Thanks, Andreas. That's probably enough to get me going. Can I ask how you discovered the "well hidden feature" of imapd.conf? Is there proper documentation for this anywhere? --On 29 October 2008 20:16:21 +0100 Andreas Winkelmann <ml@xxxxxxxxxxxxxx> wrote: >> I offer an IMAP service to 12000 users, but we don't offer POP3. >> >> However, we have a blind person who has a braille computer, with POP3 >> client, but no IMAP client. >> >> I've configured a perdition proxy which can give him POP, but not IMAP >> access. However, we're moving toward using Cyrus proxyd front end, with >> LDAP authentication (through SASL). >> >> Is there a way I can configure my murder cluster to perform a different >> IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, >> is there some other way that I can restrict POP3 access to certain users? >> >> I've got configuration files at >> /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf >> which just says: >> pwcheck_method: saslauthd >> mech_list: plain >> I presume I need a pop.conf file that's similar, but can't find any >> documentation. >> >> and >> /local/cyrus-sasl-2.1.22/etc/saslauthd.conf >> which specifies how to access the LDAP servers. >> >> I want everything the same, but with a different value for ldap_filter. >> Can >> I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus >> configuration, instead? > > If you want to use ldap for both cases, you have to use two diffrent > saslauthd's running. > > I would think about a diffrent auxprop Backend for example sasldb with > only one entry for this User. Use the well hidden feature in your > imapd.conf and separate them with: > ># SASL-COnfig only for pop3 Daemon > pop3_sasl_pwcheck_method: auxprop > pop3_sasl_auxprop_plugin: sasldb > pop3_sasl_mech_list: plain login cram-md5 digest-md5 > > and > ># SASL-Config for all other Daemons > sasl_pwcheck_method: saslauthd > sasl_mech_list: plain login > > or you can use just: > > sasl_pwcheck_method: auxprop saslauthd > sasl_auxprop_plugin: sasldb > > This would look in both backends. > > If you don't want to use sasldb and insist in using saslauthd, then > something like: > > pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux > > and configure a second independent instance of saslauthd with it's own > Configuration for this one User. -- Ian Eiloart IT Services, University of Sussex x3148 ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
