I've rebuilt and installed Simon Matter's Cyrus RPMs on RH9 without any
difficulty. I don't want to create user accounts on the system, just in
Cyrus. However, I'm completely lost trying to figure out the best way to do
this. Should I use PAM, Kerberos, SASL? None of which mean very much to

It's really difficult to tell you what's the best method here. There are so many ways to do it. I'm using saslauthd->PAM->shadow or saslauthd->shadow on small workgroup servers where every user has a unix account anyway. On dedicated mailservers, I'm usually using saslauthd->PAM->LDAP or saslauthd->LDAP.

I personally get great results with saslauthd->PAM->LDAP and like that setup a lot. I would consider saslauthd->LDAP but found it much easier to get going via PAM. I've had no problems and have found some of the other capabilities provided by PAM very handy, so I think this is a good choice.


One thing that I didn't see mentioned in the docs: when using PAM, you need to make sure the PAM service name is the cyrus service name, i.e. "imap" or "pop", _not_ "saslauthd". So create a file, /etc/pam.d/imap, containing (basic redhat-ish config:)

auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

and run saslauthd as 'saslauthd -a pam' - it should work then. Assuming I'm not forgetting something.

Craig Ringer
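
The service-name point in the message above can be checked mechanically. The following is an added example, not part of the original thread or of Cyrus: the function name check_pam_service and the sample directory are assumptions made for illustration. It reports whether a PAM directory holds a usable file for each service name Cyrus passes to saslauthd.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that a PAM directory has
# a usable file for each service name Cyrus hands to saslauthd.

# check_pam_service DIR SERVICE   (hypothetical helper name)
# Returns 0 if DIR/SERVICE exists and has both "auth" and "account" rules,
# 1 if the file is missing, 2 if one of those rule types is missing.
check_pam_service() {
    cps_file="$1/$2"
    if [ ! -f "$cps_file" ]; then
        echo "$2: no $cps_file; PAM falls back to the 'other' service"
        return 1
    fi
    for cps_type in auth account; do
        # First field is the management group; comment lines never match.
        if ! awk -v t="$cps_type" '$1 == t { ok = 1 } END { exit !ok }' "$cps_file"; then
            echo "$2: $cps_file has no '$cps_type' rule"
            return 2
        fi
    done
    echo "$2: ok"
    return 0
}

# Constructed sample: an "imap" file like the one in the post, and no "pop".
demo_dir=$(mktemp -d)
cat > "$demo_dir/imap" <<'EOF'
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
EOF

for svc in imap pop; do
    check_pam_service "$demo_dir" "$svc" || true
done
rm -rf "$demo_dir"
```

On a real server, call it as `check_pam_service /etc/pam.d imap` for each Cyrus service in use.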