Hi, We are doing it using Kerberos. It's (relatively speaking) easy.
First, read and follow the step described in http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp to make your Linux server interoperate with the AD KDC. Then set saslauthd to use Kerberos instead of PAM : saslauthd -n0 -a kerberos5 The -n0 is required as saslauthd with the kerberos5 plugin seriously leak memory on RedHat 7.3. That's about it ... if you have questions, feel free to ask ! On Wed, Dec 03, 2003 at 02:36:51PM +0000, Alain Williams wrote: > Hi, > > I am seeking advice on how to authenticate Cyrus off a Microsoft Active directory > server. > The users will not have Linux accounts, I don't want to modify AD at all - the only > Linux > is the web mail, so I don't want to insert the extra (unix) fields into the database. > > I have saslauthd currently working off pam. > I don't mind if I authenticate using kerberos or ldap - whatever works. > > I am running Cyrus and Sasl 2.1.15 on top of SuSE Linux (enterprise server 8). > Uses will (mainly) access cyrus via horde/imp webmail. > > Can anyone give a simple HOWTO for this ? > > Many thanks. > > -- > Alain Williams > > #include <std_disclaimer.h> > > FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the > best interests of our children. See http://www.fathers-4-justice.org -- Etienne Goyer Linux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
