Hello
We're using this pam_cas module (tested on CentOS 7 & 8):
On cyrus frontend, cyrus-sasl is running with MECH="pam"
/etc/pam.d/imap :

    #%PAM-1.0
    auth sufficient pam_cas.so -simap://<CYRUS-FRONTEND> -f/etc/pam_cas.conf
    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    auth required pam_nologin.so
    auth include password-auth
    account include password-auth
    session include password-auth

With that, it's OK for Webmail+CAS and Thunderbird/Outlook (authenticated against LDAP).
Hope it helps you.
Ismaël Tanguy
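Added example, not part of the original messages or of pam_cas: a simplified Python model of PAM control flags run over the auth lines of the /etc/pam.d/imap stack above, showing which module decides for each client. Module results are constructed inputs, and treating each include line as one opaque required entry is an assumption, since password-auth is not shown in the thread.

```python
# Simplified model of Linux-PAM control flags for the "auth" lines of the
# /etc/pam.d/imap stack quoted above. No real PAM module is called.
IMAP_STACK = """\
#%PAM-1.0
auth sufficient pam_cas.so -simap://<CYRUS-FRONTEND> -f/etc/pam_cas.conf
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
auth required pam_nologin.so
auth include password-auth
account include password-auth
session include password-auth
"""

def parse(text, group="auth"):
    """Return [(control, module)] for one management group, in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == group:
            rules.append((fields[1], fields[2]))
    return rules

def evaluate(rules, results):
    """results maps module -> True (success), False (failure), None (ignore).
    Returns (granted, modules_consulted). Assumption: an 'include' line is
    one opaque 'required' entry (password-auth is not shown in the thread)."""
    consulted, failed, succeeded = [], False, False
    for control, module in rules:
        consulted.append(module)
        result = results.get(module)
        if result is None:
            continue                      # module had no opinion
        if control == "sufficient":
            if result and not failed:
                return True, consulted    # stops here, later lines are skipped
            continue                      # a failed 'sufficient' is ignored
        if result:                        # 'required' or opaque 'include'
            succeeded = True
        else:
            failed = True                 # remembered, stack keeps running
    return succeeded and not failed, consulted

AUTH = parse(IMAP_STACK)
# Constructed scenarios matching the clients named in the thread.
NO_SSO = {"pam_cas.so": False, "pam_ldap.so": False}
WEBMAIL_CAS = evaluate(AUTH, {"pam_cas.so": True})
THUNDERBIRD = evaluate(AUTH, {"pam_cas.so": False, "pam_ldap.so": True})
LOCAL_USER = evaluate(AUTH, {**NO_SSO, "password-auth": True})
BAD_PASSWORD = evaluate(AUTH, {**NO_SSO, "password-auth": False})
```

In the WEBMAIL_CAS and THUNDERBIRD cases the consulted list stops before pam_nologin.so, because a successful sufficient line ends the auth stack; that line is only reached when both pam_cas.so and pam_ldap.so fail.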
My users access the server either with Thunderbird or with SOGo (https://www.sogo.nu).
I configured cyrus to authenticate with saslauthd in ldap mode, i.e.:
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb
sasl_minimum_layer: 0
sasl_mech_list: anonymous login plain sasldb
(auxprop is for the cyrus user which is not in ldap).
With SOGo I'm currently using basic auth, so SOGo can use the same credentials to login into cyrus and sieve, but I'm testing an SSO solution based on lemonldap.
Lemonldap can fake basic auth and that works, but I'd like to use either saml or cas.
There's a pam module for cas (https://github.com/atiti/pam_cas-reloaded) and a pam/sasl module for saml (crudesaml https://github.com/univention/crudesaml), but I only see documentation on how to use them with dovecot.
Has anybody used either one with cyrus instead? How?
TIA
Bye
--