On Sat, 2004-05-08 at 02:45, Alexander Dalloz wrote:
Am Fr, den 07.05.2004 schrieb Michal Jaegermann um 08:21:
On Thu, May 06, 2004 at 10:08:53PM -0400, David Collantes wrote:
Cyrus on FC2 is compiled to use shadow passwords for authentication, so users must exist on the system before a mailbox is created with cyradm.
<quote> It differs from other IMAP server implementations in that it is run on "sealed" servers, where users are not normally permitted to log in. </quote>
So what is here really correct?
Michal
I like to ask the same question, as it was still not answered / validated by the other replies:
Is the information by David Collantes correct that cyrus-imapd coming with FC2 can only be used with system user account for each mail user?
Nope, I just beat it to death (learned all I know now about it in the last 2-3 hours) and I successfully used our official packages without users being listed in /etc/passwd or /etc/shadow by using sasldb authentication. I followed the instructions here:
http://asg.web.cmu.edu/cyrus/download/imapd/install.html
(specifically the "Authenticating Users" section)
I hardly doubt that because it would be total nonsense to not compile against sasl and to force such a setup. I think it is wrong and that just the default setup uses saslauthd with MECH=shadow, like already on FC1 this is the default setup for Sendmail's and Postfix's STMP AUTH. It would make some sense and the (more experienced) user can decide to use a different authentification mech / method for the mail account users like an LDAP backend or instead of using saslauthd directly requesting a sasldb2. As the upcoming cyrus-imapd package most widely is based on Simon Matter's great packaging (he does a really good job since long time), I assume being sticked to system user accounts is just wrong information.
Alexander
The instructions I used (as you will see) do bypass saslauthd entierly by calling sasldb through 'auxprop'. I have not probed the murky depths of saslauthd yet at all.