On Sat, May 12, 2001 at 11:36:32AM -0600, Tim Pushor wrote:
 
> I for one would vote for adding functionality into the SASL API.

I think it would be a bad idea since it cannot be done right. Could you
explain how you want to add accounting using the GSSAPI module?

> When I took my users out of my system accounts database and moved them into
> sasldb, all of a sudden I lost the ability to grant ACLs to groups -
> because SASL doesn't have any notion of anything but password secrets (and
> cyrus still defined a group in an ACL as a unix group).

Then modify Cyrus IMAPD not to use UNIX groups. Fix what is broken, but do
not try to fix what is not.

> As well, I would like to store other attributes about users in the
> authentication database as well as being able to enable and disable accounts
> easily.

It should _not_ be the job of SASL in general. SASL assumes some kind of
authentication service to be present in the system. Enabling/disabling
accounts and accounting in general is the job of that specific
authentication service. If you make up a pam_sasldb module, you can use PAM
to do what you want without the need to bloat the Cyrus SASL library.

Gabor

P.S. If we are at wishlists, I'd like to see a '--disable-sasldb' option to
configure which disables all sasldb-related parts of Cyrus SASL...

-- 
Gabor Gombas                                       Eotvos Lorand University
E-mail: [EMAIL PROTECTED]                        Hungary
