Re: annotation_definitions and other options in imapd.conf

On 12/03/2014 06:53 AM, Adam Tauno Williams wrote:
>>     auth_mech:
>> - Isn't this handled by SASL?
>
> Partially, yes.  Don't forget that identity management is AAA - three
> As, not one.  Authorization, Authentication, Accounting.
>

So, for example:

Authorization would be
    cm user.username in cyradm
Authentication would be
    saslauthd -> PAM --> PAM modules
Accounting would be setting permissions and quotas
    sam user.username write
    sq user.username N

I'm still not seeing where auth_mech or ldap options fit into this, 
although Sven seems to have offered an explanation:  there is some 
undocumented way of bypassing saslauthd. Which, if true, I suggest is a 
terrible idea and should be stripped out of the code.  Allowing for 
direct PAM authentication might work somehow, assuming there is a way to 
handle TLS authentication.  Authentication architecture needs to be 
less, not more complicated in general in the unix/linux world.

Anyway, thanks Adam and Sven for the replies -- that was extremely helpful.

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



