On Mon, Feb 04, 2002 at 09:18:08AM -0500, Arthur Gong - Eipoo Technologies, Inc. wrote: > Can someone help me to understand how SASL works with PAM or verify my > understanding? > I found the following explanation from > http://www.sendmail.org/~ca/email/cyrus/sysadmin.html > ... > The PAM authentication for SASL only affects the plaintext authentication it > does. It has no effect on the other mechanisms, so it is incorrect to try to > use PAM to enforce additional restrictions beyond correct password on an > application that uses SASL for authentication. > ... > Does it mean that SASL/PAM only works AUTH=PLAIN? (my understanding: it > doesn't work with AUTH=LOGIN) Although PAM is capable of using non-plaintext authentication methods through binary prompts, most PAM password-handling modules are plaintext-only, and most PAM modules that aren't have corresponding SASL mechanisms. I don't believe anyone has worked out what needs to happen in order to do PAM binary prompts through SASL -- you would probably still be using AUTH=PLAIN, though, because there's no way for PAM to signal to SASL what types of modules are in use. Steve Langasek postmodern programmer
Attachment:
pgp00037.pgp
Description: PGP signature
