Helo, We use cyrus-imapd on Centos 6 at work and I've got the following issue on authentication: Users can login via a mailer (imap/pop) or use a webmail (horde). The webmail uses a SSO-CAS and horde uses a CAS token to log in cyrus-imap). As the CAS tokens are one-time tokens they must been cached by saslauthd. For this we use PAM with saslauthd and 3 PAM modules. pam_cas checks if the password is a valid CAS token, then we try ldap and then a local account. cyrus-imap -> saslauthd (cache) -> PAM (pam_cas, pam_ldap, pam_unix) That works fine. The problem is: when a user uses the webmail and uses also a mailer (using imap), saslauthd will remove the CAS token previously cached when the mailer connects. So the webmail is disconnected. There is a patch to allow saslauthd to cache several passwords for one login but I would like to avoid this. As far I can see, the cache depends on the service used (ie if I connect via pop, the imap password is not cleared from the saslauthd cache). So I'm asking if there is a way to introduce another "service" on cyrus-imap that will be used by the webmail (on another port than 143). I mean a service in the saslauthd / PAM way (the parameter '-s' in testsaslauthd: imap, pop, sieve). I don't know where to start. Is there a way to achieve this? Thanks, best regards. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
