El 16/6/21 a les 0:04, Vladislav Kurz ha escrit:
Hello, I have several working Cyrus installations authenticated against AD, but I do not use LDAP. Instead it authenticates via kerberos. To be more precise: Cyrus/Exim -> Saslauthd -> PAM -> pam_krb5.so -> AD
Is there some advantage using pam_krb5 instead of pam_ldap/pam_winbind or "saslauthd -a ldap"?
For distribution groups, aliases and such stuff I use LDAP queries in Exim. But kerberos for authentication Unfortunately kerberos does not give you groups. Maybe you could use winbind and libnss-winbind to get groups from AD to Linux and use them as if they were in /etc/group...
that's what I do, but then I don't have many active users and my DC is samba not windows (though that shouldn't matter as long as the mail server is joined to the domain).
Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007 ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T1c604a219c5fa805-M46c85ef59b86ddec497ab02e Delivery options: https://cyrus.topicbox.com/groups/info/subscription
