Have you tried
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN GSSAPI
Our pine users connect useing a Kerb5 ticket.
Our other users (like Apple Mail) send us a username/password over a
secure connection.
They are then validated by saslauthd.
-Patrick
On Aug 25, 2005, at 12:42 PM, Tim Strobell ((Contractor)) wrote:
We need to support Kerberos credentials directly from the
clients; pam_krb5
only proxies the username and passwords to the KDC for
authentication.
I use gssapi authentication with Mutt against Cyrus using the actual
Kerberos credentials, so it would seem to work.
Of course -- but can Cyrus be configured to support _both_ Kerberos
(credentials authenticated via GSSAPI) and LDAP (via saslauthd)?
Some users
will use Kerberos credentials, others may use username/password
which we will
look up in LDAP. (It is not necessarily the case that all users
will have
corresponding Kerberos credentials, else pam_krb5 would be
appropriate.)
I suspect the answer is no, but I need independent verification.
-Tim
--
Tim Strobell, Sr. Systems Administrator V
202 767 8449
Center for Computational Science, Naval Research Lab F
202 404 7402
Code 5595 (A49-32), 4555 Overlook Ave SW, Washington DC 20375
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
