Hello,

We configured saslauthd for plaintext mechanisms (PLAIN, LOGIN), so it can
use PAM, and PAM is configured to query against an LDAP server. If the
username/password can log into the LDAP server, you are authenticated.

I think there are other ways of doing it (e.g. not using PAM as an extra
mechanism), but it's working well!

We also only support IMAPS and have the LDAP query SSL-protected.

Cyrus server is 2.0:
/etc/imapd.conf:
sasl_pwcheck_method: pam

Cyrus server is 2.1 (I think):
/etc/imapd.conf:
sasl_mech_list: plain login
sasl_pwcheck_method: saslauthd

Start the saslauthd daemon with
"saslauthd -a pam"

/etc/pam.d/imap:
#%PAM-1.0
auth    sufficient /lib/security/pam_ldap.so
account sufficient /lib/security/pam_ldap.so

Don't forget to edit /etc/openldap/ldap.conf or
/etc/ldap/ldap.conf; maybe your distribution even has it in
/etc/pam_ldap.conf.

There you can point pam_ldap to your LDAP.

Greetings

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
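
Added example (not part of the original post and not Cyrus project code): a small consistency check for the Cyrus 2.1 layout described above. It flags any mechanism in sasl_mech_list that saslauthd cannot verify, because saslauthd only ever receives a plaintext password, and any missing pam_ldap.so rule in /etc/pam.d/imap. The function names and the sample file contents are assumptions constructed for illustration.

```python
# Added example: consistency check for the Cyrus 2.1 + saslauthd + pam_ldap layout.
PLAINTEXT_MECHS = {"plain", "login"}  # the only mechanisms saslauthd can verify

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def parse_pam(text):
    """Return (type, control, module) tuples from a PAM service file."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drops comments and the #%PAM header
        if len(fields) >= 3:
            rules.append((fields[0].lower(), fields[1], fields[2]))
    return rules

def audit(imapd_conf, pam_imap):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    opts = parse_imapd_conf(imapd_conf)
    if opts.get("sasl_pwcheck_method") != "saslauthd":
        findings.append("sasl_pwcheck_method is not saslauthd")
    mechs = set(opts.get("sasl_mech_list", "").lower().split())
    if not mechs:
        findings.append("sasl_mech_list is unset")
    for mech in sorted(mechs - PLAINTEXT_MECHS):
        findings.append(f"{mech} cannot be checked by saslauthd")
    rules = parse_pam(pam_imap)
    for pam_type in ("auth", "account"):
        if not any(t == pam_type and "pam_ldap.so" in m for t, _, m in rules):
            findings.append(f"no pam_ldap.so rule for '{pam_type}'")
    return findings

# Constructed sample input: the first pair mirrors the files in the post.
GOOD_IMAPD = "sasl_mech_list: plain login\nsasl_pwcheck_method: saslauthd\n"
GOOD_PAM = ("#%PAM-1.0\nauth    sufficient /lib/security/pam_ldap.so\n"
            "account sufficient /lib/security/pam_ldap.so\n")
BAD_IMAPD = "sasl_mech_list: plain cram-md5\nsasl_pwcheck_method: saslauthd\n"
BAD_PAM = "#%PAM-1.0\nauth    sufficient /lib/security/pam_ldap.so\n"

if __name__ == "__main__":
    for name, conf, pam in (("good", GOOD_IMAPD, GOOD_PAM), ("bad", BAD_IMAPD, BAD_PAM)):
        print(name, audit(conf, pam) or "consistent")
```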
