Hi again,

I have an interesting problem regarding Murder and authenticating users to LDAP via saslauthd. I want to keep all the user data in LDAP and do without synchronizing credentials on many frontends.

To authenticate against LDAP, I use saslauthd. As I understand it, saslauthd is only used for plain login. No problem, I can force plain login by adding "sasl_mech_list: PLAIN" in /etc/imapd.conf.

As far as I know, the proxy on the frontend will not authenticate to the backend via plain login, so I have my proxy_authname in /etc/sasldb2 on the backend. Here, I can't use "sasl_mech_list: PLAIN" in /etc/imapd.conf to force authentication against LDAP.

So far so good, everything works. But my solution is crippled in two ways:

1. I can't make my backend directly available to clients (through referral, for example) because I can't force plain login (thus authenticating to LDAP) on them because that would break the frontend authentication process.

2. Frontend client authentication is crippled. Maybe some clients could authenticate via a better mechanism than plain login. It is sad to deny them the possibility, even though the obvious workaround is to use SSL.

I suppose the most elegant solution to my problem would be to do without saslauthd and find some SASL plugin (auxprop?) for LDAP. What would you guys suggest in this regard? Anything else I should consider?

Thanks for your answers and insights!

--
Etienne Goyer
Linux Québec Technologies Inc.
http://www.LinuxQuebec.com
[EMAIL PROTECTED]
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key
Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853