On Sun, 2002-01-13 at 00:18, Florian Bantner wrote:
> On Sam, 12 Jan 2002, Kevin Littlejohn wrote:
>
> Seems to me so, too.
>
> I wonder if this problem is so far off that there are no
> 'standard' ways of doing it. Every MTA has its way, every
> IMAP/POP3 MDA has its own way - where mta1 only works with
> mda2 and mta3 only with mda1.
>
> Worst of all the IMAP servers who promote their own protocol
> and see LDAP as its disabled stepbrother.
>
> But I think this is an inherent UNIX / LDAP problem. LDAP seems
> a very powerful tool doing for UNIX everything the 'Registry' has
> done for windows - and more. What's missing here is some standardized
> way of how to do it.
>
> Got a little off topic, sorry.
>
> > Look to using pam for pop3 passwords, and configure pam to use ldap.
> > That's the most likely way to make it work.
> >
> > KJL

I don't actually see it as that "non-standard". I've got a woody-based system I look after using LDAP for pretty much everything, via standard debian packages, and it's pretty simple once you get over the first hurdle of understanding how to lay out the info in an LDAP database - PAM handles most everything, certain modules have their own specific LDAP auth handlers that provide a touch more flexibility than PAM (eg. apache).

The only nasty gotcha I ran into was MySQL - if nscd isn't running, and mysql's user is served out of LDAP instead of in the /etc/passwd file, mysql chokes badly on trying to retrieve username from uid (or something near there, I didn't look too much further than realising that nscd wasn't running and mysql was attempting to make queries of that type).

I'm using, for reference, courier-imap, delivering into that from postfix (I like maildir, but dislike qmail). Courier uses its own ldap auth module, postfix uses its own LDAP module. ssh uses PAM, apache uses its own module (for added flexibility), Zope uses its own LDAP auth (because it does weird and wonderful things with user info), I don't do POP or ftp thankfully but I'd imagine PAM support for both of those would be fine. passwd and su also lean on PAM, nscd/nsswitch understands to use LDAP for getpwnam type lookups.

Each package that provides its own module for LDAP seems to want specific extra info out of the LDAP database - or support specific extras. Each will, as far as I can tell, also use PAM if you really want to keep things centralised - the extended modules are pretty much optional, but worthwhile.

I doubt you'll ever get a single centralised way of managing things, tho - and truth be told, even in Windows you don't get that - different packages will handle their own config info in different ways, if they're written by different people. Some packages abuse the registry, some keep all their config to themselves, and so on and so forth.
Certainly, the various games I have under Windows don't all have a standard way of configuring them, for what little configuration they might have. Hell, programs even differ in where to find the configuration info (control panel vs. file/configuration vs. view/properties vs. whatever else a given author may have thought was "intuitive") :)

Now I'm way off topic ;)

KJL
--
Internet techie
Obsidian Consulting Group
Phone: +613 9653 9364
Fax: +613 9354 2681
http://www.obsidian.com.au/
[EMAIL PROTECTED]