On 09/18/15 15:48 +0100, Sunny wrote: >Hi, > >I've inherited a cyrus mail server and I'm currently learning how it's >setup and would like some advice changing from a NIS to LDAP >authentication. > >At the moment, the imap server uses NIS to authenticate ssh >connections and I believe to also authenticate users to their >mailboxes > >imapd.conf >sasl_pwcheck_method: *saslauthd* >sasl_mech_list: PLAIN > >/etc/sysconfig/saslauthd >MECH=*pam* > >From the above output I believe that cyrus will use the pam service to >lookup authentication information to authenticate a users cyrus >mailbox. Correct. >I want the imap server to use LDAP (via sssd) for ssh authentication >and authenticating users to their mailboxes. > >If I configure the mail server to use sssd (also stop NIS) and update >/etc/pam.d/system-auth with the required pam_sss.so entries, does >anyone know or have experience if this change will allow users to >authenticate to their mailboxes using LDAP? Do you have imap/pop/etc. specific pam configuration (e.g. /etc/pam.d/imap)? If not, then it's likely that be all you need to do, with regards to cyrus services. As a test, you could created a dummy service pam configuration, such as /etc/pam.d/willthiswork, with your ldap/sssd configuration, then then run testsaslauthd with '-s willthiswork ...'. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
