Date: Fri, 12 Jun 1998 10:19:33 -0700 (PDT) From: patl@phoenix.volant.org To: chas <panda@peace.com.my> Cc: "Scot W. Hetzel" <hetzels@westbend.net>, leifn@internet.dk, isp@FreeBSD.ORG Subject: Re: Only allow delivery of mail to users in aliases Message-ID: <ML-3.3.897671973.8670.patl@asimov> In-Reply-To: <3.0.32.19980612155552.0093b100@peace.com.my>
next in thread | previous in thread | raw e-mail | index | archive | help
> ... > Cyrus IMAPd does not necessarily require users in /etc/passwd in > order for them to have a mailbox. (and plus you can offer IMAP > mailboxes - more value add for customers perhaps). And it comes with support for POP3 access into the IMAP mailboxes. (NOTE that some of the IMAP features are not available through the POP protocol. This is a protocol restriction, not implementation.) > Cyrus is distributed with a choice of 2 authentication methods : > 1) Using the unix passwd file (which you have said that you do not > wish to do) > 2) Using Kerberos (which is, for some of us, more hassle that we can > do without). > > However, the authentication is done via a small program called > pwcheck. This seems easily hackable (though I've made a total > balls up of it over the past 2 weeks) to use any of the following : > 1) Radius authentication (i know a guy on a linux list who has > the mods for this) > 2) A different password file (look at getpwnam) Another easy way to do this is to simply run pwcheck in a chrooted environment. No source hacking required. > 3) A mysql database (someone on the FBSD-questions list mentioned > this - i haven't seen the mods myself though. anyone else ?) > 4) LDAP. Check http://www.wwa.com/~donley/ > Yes, I know that LDAP is not an authentication protocol per se... > but you can use it as such. > > ... > > Bottomline, Cyrus is a seriously cool piece of software > and I suspect your solution lies there - especially since the > you mentioned the use of mysql. Absolutely. IMHO one of the biggest wins is that except for the pwcheck daemon, the rest of the cyrus system, runs as an unprivileged user. -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ML-3.3.897671973.8670.patl>