Your assumptions are right on.
(again this is all in the docs)
PAM is the "Pluggable Authentication
Module" which allows you to authenticate
users on your system via all kinds of
crazy methods... LDAP, SQL databases,
custom programs, other crazy schemes.
The catch with PAM, I believe, is that
it is system authentication not just
imap authentication. So when you
authenticate via passwd, shadow, or
PAM you are actually authenticating
against users on your system which
kind of defeats the purpose of
closed server. However that may be
what you what.
SASL is designed to be a generic
authentication system to allow many
programs and systems the ability to
authenticate in whatever method is most
convenient to them without having to
understand all the different backends
(and vice versa).
During compile time you only need to
specify if you are using kerberos
or unix authentication, and you specify
it while compiling the cyrus-imap
programs, not SASL. The default is unix.
So in the end you normally do not need to
concern yourself with specifying it unless
you know you need kerberos.
There is an imapd.conf line
"sasl_pwcheck_method" which defines how the
cyrus system is going to authenticate.
Hope that helps.
-- Michael --
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Michael Fair" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 30, 2000 7:07 PM
Subject: Re: creating new user account
> You wrote
>
> > The Cyrus system uses sasl to authenticate.
> > It can use:
> > passwd
> > shadow
> > kerberos_v4
> > pam
> > sasldb
> > 'role your own'
>
> Other than sasldb (where you generate your password using saslpasswd
> username), don't you have to tell cyrus-sasl what to use during compiling
> time? Can you compile cyrus-imap to do passwd, shadow, pam, and sasldb.
> Or you only only use one?
>
> I understand about sasldb and kerberos and ldap. But what is the
> difference between passwd, shadow, and PAM? This is what I am assuming
>
> 1. passwd will be /etc/password, just plaintext transfer of hash password
> 2. shadow will be /etc/shadow, much like passwd but using the shadow file
>
> Am I even close?
>
> dwc
>
>
>
