diff options
author | Timo Weingärtner <timo@tiwe.de> | 2013-05-28 19:16:37 +0200 |
---|---|---|
committer | Timo Weingärtner <timo@tiwe.de> | 2013-05-28 19:16:37 +0200 |
commit | c7344fa5ca42b3203ce7fc2ff8cb93b42bf78123 (patch) | |
tree | c4790500e80a2d34c4040ba21aae878a21223ee8 /contrib/warwick_duncan-cyrus_without_system_accounts.txt | |
parent | 9316590e28c0087f65b220c492188871637aa424 (diff) | |
parent | 201e799f7a2fcba3af2c9214f25545460ef9b08a (diff) | |
download | libpam-pwdfile-c7344fa5ca42b3203ce7fc2ff8cb93b42bf78123.tar.gz |
Merge tag 'v0.100' into debian
release 0.100
Conflicts:
contrib/README.txt
Diffstat (limited to 'contrib/warwick_duncan-cyrus_without_system_accounts.txt')
-rw-r--r-- | contrib/warwick_duncan-cyrus_without_system_accounts.txt | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/contrib/warwick_duncan-cyrus_without_system_accounts.txt b/contrib/warwick_duncan-cyrus_without_system_accounts.txt deleted file mode 100644 index 0144af1..0000000 --- a/contrib/warwick_duncan-cyrus_without_system_accounts.txt +++ /dev/null @@ -1,49 +0,0 @@ -On Tue, Jan 14, 2003 at 01:06:02AM +0100, Charl P. Botha wrote: -[...] -> ----- Forwarded message from Darren Gibbons ----- -[...] -> It is however possible with certain applications patched for pam -> (Cyrus IMAP server e.g.) that one does not need the users to -> exist in the system database. -[...] - -I've got it working with cyrus 2.0 and 2.1, so I'll give some pointers -on both. When I say `cyrus x' I mean cyrus imapd version x and -whichever version of sasl you need with it. - -Cyrus 2.0 ---------- - -- sasl must be configured with `--with-pam --enable-plain'; it doesn't - hurt to add `--disable cram --disable-digest' -- imapd must be configured with `--with-auth=unix' (sounds like you got - that right) -- in imapd.conf you need the line - sasl_pwcheck_method: PAM -- in /etc/pam.d/imap (on FreeBSD I believe you use /etc/pam.conf, but - the idea is similar) you need - auth required pam_pwdfile.so pwdfile /path/to/passwordfile - account required pam_permit.so -- make sure your password file is readable by user cyrus - -The idea of all this is to use the SASL PLAIN mechanism to get the -password in plaintext and then get SASL to leave the authentication to -PAM, which will use pam_pwdfile. - -Cyrus 2.1 ---------- - -- same as above, but different ;) in the details -- sasl must be configured with `--with-pam --with-saslauthd - --enable-plain' and I disable the rest (checkapop, digest, otp, krb4, - etc.) -- imapd should be configured with `--with-auth=unix' -- in imapd.conf you need the line - sasl_pwcheck_method: saslauthd -- start up saslauthd with `saslauthd -a pam' -- you need the /etc/pam.d/imap as above, as well as (an identical) - /etc/pam.d/sieve if you use timsieved - -I think that about covers it. One tricky bit with SASL is to get the -right mechanisms advertised; I do this by only compiling in support for -PLAIN and LOGIN. If the rest don't exist they can't cause problems. |