From owner-freebsd-isp Sat Jan 4 16:06:08 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id QAA29643 for isp-outgoing; Sat, 4 Jan 1997 16:06:08 -0800 (PST)
Received: from boris.clintondale.com (boris.clintondale.com [206.88.120.5]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id QAA29638 for ; Sat, 4 Jan 1997 16:06:05 -0800 (PST)
Received: (qmail 13911 invoked by uid 1000); 5 Jan 1997 00:05:46 -0000
Date: Sat, 4 Jan 1997 19:05:45 -0500 (EST)
From: Matt Hamilton
To: Blaz Zupan
cc: freebsd-isp@freebsd.org
Subject: Re: Mail server
In-Reply-To: <199701041722.SAA00920@gold.medinet.si>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 4 Jan 1997, Blaz Zupan wrote:

> Oh, and a related question: does anybody know about
> a POP3 server that would authenticate users through
> either Radius or TACACS+? And also a local delivery
> agent that would support this? I don't want to
> have the users in my /etc/passwd file, I want all
> of the authentication to be centralised in either
> the Radius or TACACS+ server.

I too am trying to set up a similar system and I'm looking for ways to authenticate via RADIUS for a mail server. The closest thing I have found is the Cyrus IMAP server. It does POP too. It was designed as a sealed system, i.e. people do not log on to the machine, they just connect via POP3, IMAP and SMTP to send/receive mail. It is so designed that it does not run as root. It has its own mail database and own mail dir format. You replace mail.local or /bin/mail with its delivery program and it puts mail in its dir.

It can use Kerberos to authenticate users so I'm sure it can/has been adapted to use RADIUS. As it doesn't run as root and have to change into users it doesn't (I don't think) need to know all the uid/gid/GECOS/homedir etc. stuff from /etc/passwd, only username/password, so it should work with RADIUS.

The next step (which shouldn't be too hard) is to get Sendmail to accept mail for these people. The only way I can see is that whenever users are added/deleted from your RADIUS server a list is produced of usernames and Sendmail checks against that (It does something like this with dbm files).

If I can't get Cyrus to do RADIUS then I will try and set up Kerberos and get the RADIUS server to pass the requests to Kerberos. Let me know how you get on as like I said, I am trying to do the same thing.

Cyrus IMAP is at: http://andrew2.andrew.cmu.edu/cyrus

-Matt

-------------------------------------------------------------------------------
Matt Hamilton                                          Clintondale Aviation
matt@clintondale.com                             http://www.clintondale.com
-------------------------------------------------------------------------------
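
Added example, not part of the original message and not Cyrus or Sendmail code: a sketch of the "produce a list of usernames whenever the RADIUS users change" step described above, which exports only validated account names (never passwords) to a text file that can be turned into a dbm map. The Livingston-style `users` layout, the username policy, the `OK` value and all function names are assumptions; how the MTA consults the resulting map is not shown.

```python
import os
import re
import tempfile

# Assumption: conservative login-name policy; anything else is rejected, not escaped.
VALID_USER = re.compile(r"^[a-z0-9][a-z0-9._-]{0,31}$")

# Constructed sample in the Livingston-style "users" layout (not from the original post).
SAMPLE_USERS = '''\
# name in column 0, check items after it, reply items indented
alice   Password = "constructed-1"
        Service-Type = Framed-User

bob     Password = "constructed-2"
"mary ann" Password = "constructed-3"
root|sh Password = "constructed-4"
DEFAULT Auth-Type = System
Alice   Password = "constructed-5"
'''

def extract_usernames(text):
    """Return (accepted, rejected) account names found in a users file."""
    accepted, rejected = set(), []
    for line in text.splitlines():
        # Skip blanks, comments and indented reply-item lines.
        if not line or line[0] in " \t#":
            continue
        if line.startswith('"'):
            name = line[1:].split('"', 1)[0]
        else:
            name = line.split(None, 1)[0]
        if re.fullmatch(r"DEFAULT\d*", name):  # catch-all profile, not a mailbox
            continue
        key = name.lower()  # assumption: mailbox names are case-insensitive
        if VALID_USER.match(key):
            accepted.add(key)
        else:
            rejected.append(name)  # report these, never pass them to the MTA
    return sorted(accepted), rejected

def write_map_source(usernames, path):
    """Atomically write 'user<TAB>OK' lines for conversion into a dbm map."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{user}\tOK\n" for user in usernames)
    os.chmod(tmp, 0o644)  # usernames only; no secrets leave the RADIUS host
    os.replace(tmp, path)  # readers never see a half-written list
```

The output is plain key/value text of the kind sendmail's `makemap` reads; rerun the export after each add or delete on the RADIUS side and review the rejected names rather than loosening the pattern.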