cyrus-imap

Chris Kloiber ckloiber at ckloiber.com
Sun May 9 11:53:49 UTC 2004


On Sat, 2004-05-08 at 02:45, Alexander Dalloz wrote:
> On Fri, 07.05.2004 at 08:21, Michal Jaegermann wrote:
> 
> > On Thu, May 06, 2004 at 10:08:53PM -0400, David Collantes wrote:
> > > Cyrus on FC2 is compiled to use shadow passwords for authentication, so users must 
> > > exist on the system before a mailbox is created with cyradm.
> 
> > <quote>
> > It differs from
> > other IMAP server implementations in that it is run on "sealed"
> > servers, where users are not normally permitted to log in.
> > </quote>
> > 
> > So what is here really correct?
> > 
> >    Michal
> 
> I'd like to ask the same question, as it was still not answered /
> validated by the other replies:
> 
> Is the information by David Collantes correct that cyrus-imapd coming
> with FC2 can only be used with system user account for each mail user?

Nope, I just beat it to death (learned all I know now about it in the
last 2-3 hours) and I successfully used our official packages without
users being listed in /etc/passwd or /etc/shadow by using sasldb
authentication. I followed the instructions here:

http://asg.web.cmu.edu/cyrus/download/imapd/install.html

(specifically the "Authenticating Users" section)

> I hardly doubt that because it would be total nonsense to not compile
> against sasl and to force such a setup. I think it is wrong and that
> just the default setup uses saslauthd with MECH=shadow, like already on
> FC1 this is the default setup for Sendmail's and Postfix's SMTP AUTH. It
> would make some sense and the (more experienced) user can decide to use
> a different authentication mech / method for the mail account users
> like an LDAP backend or instead of using saslauthd directly requesting a
> sasldb2. As the upcoming cyrus-imapd package most widely is based on
> Simon Matter's great packaging (he has done a really good job for a long
> time), I assume being stuck to system user accounts is just wrong
> information.
> 
> Alexander

The instructions I used (as you will see) do bypass saslauthd entirely
by calling sasldb through 'auxprop'. I have not probed the murky depths
of saslauthd yet at all.

-- 
Chris Kloiber
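
The two setups contrasted in this thread, as an added example that is not part of the original messages or of the Fedora packages: a shell check that reads an imapd.conf and reports whether passwords go through saslauthd or through auxprop/sasldb. The option names `sasl_pwcheck_method` and `sasl_auxprop_plugin` are Cyrus imapd.conf options; the function names, sample file contents and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: which password-verification path does an imapd.conf select?
# All file contents below are constructed samples, not a shipped configuration.

# Print the value of option $2 in config file $1. If the option is repeated,
# this sketch takes the last one (an assumption, not verified Cyrus behaviour).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Classify the backend: "saslauthd", "auxprop:<plugin>", "unset" or "other:<value>".
cyrus_auth_backend() {
    method=$(conf_get "$1" sasl_pwcheck_method)
    plugin=$(conf_get "$1" sasl_auxprop_plugin)
    case "$method" in
        auxprop)   echo "auxprop:${plugin:-unspecified}" ;;
        saslauthd) echo "saslauthd" ;;
        "")        echo "unset" ;;
        *)         echo "other:$method" ;;
    esac
}

# sasldb holds the mail users' secrets, so it should not be world-readable.
# Returns 0 (true) when the file at $1 has the "other read" bit set.
sasldb_world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Write one constructed sample per setup into directory $1.
make_samples() {
    cat > "$1/imapd.conf.sasldb" <<'EOF'
# constructed sample: mail users live in sasldb, no /etc/passwd entries needed
configdirectory: /var/lib/imap
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
EOF
    cat > "$1/imapd.conf.shadow" <<'EOF'
# constructed sample: passwords checked by saslauthd (e.g. MECH=shadow)
configdirectory: /var/lib/imap
sasl_pwcheck_method: saslauthd
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in "$tmp"/imapd.conf.*; do
    printf '%s -> %s\n' "${f##*/}" "$(cyrus_auth_backend "$f")"
done
rm -rf "$tmp"
```

With the auxprop setup, accounts are created in sasldb with `saslpasswd2 -c <user>` rather than as system users.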





