On Thu, 25 Aug 2005, Tim Strobell (Contractor) wrote:
> > We need to support Kerberos credentials directly from the clients; pam_krb5 > > only proxies the username and passwords to the KDC for authentication. > > I use gssapi authentication with Mutt against Cyrus using the actual > Kerberos credentials, so it would seem to work. Of course -- but can Cyrus be configured to support _both_ Kerberos (credentials authenticated via GSSAPI) and LDAP (via saslauthd)? Some users will use Kerberos credentials, others may use username/password which we will look up in LDAP. (It is not necessarily the case that all users will have corresponding Kerberos credentials, else pam_krb5 would be appropriate.)
I have not done this, but it should be possible. You can setup ldapdb/auxprop or saslauthd/ldap (or both) and make sure to offer gssapi mechanism.
-- Igor ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
