I posted a little while ago with a graphical map of the Cyrus
authentication methods - missing the Mechanism layer completely.
I think I have a better understanding of that now, and have
updated the document appropriately. Comments would be appreciated.

I'm about as far from an expert on Cyrus as there is, so apologies if
I'm dead wrong about something. I do think that a document like this will be useful in showing people how things fit together, and the various different "paths" through which Cyrus can handle authentication/authorization. There are enough of them, after all ;-)


Later I'd like to collect and document some common working configurations for the wiki, if folks are OK with that. I suspect that the majority of users, at least Linux/BSD users, will probably want to either hook Cyrus up to their existing PAM setup or plug it directly into an LDAP directory. (If LDAP can be used for authentication against MS Active Directory, that's cool ... otherwise NTLM will probably be another common config). A few starting-point configs might be very useful here, including an end-to-end explanation of how things fit together. I plan to write up my config here (cyrus->sasl->saslauthd->pam->ldap) as an example to start things off. Again, of course, this is only if it's likely to be useful and if people think it's a good idea.

Anyway, the updated diagram is at:

http://www.postnewspapers.com.au/~craig/cyrus_authentication_map.pdf
http://www.postnewspapers.com.au/~craig/cyrus_authentication_map.sxd

It's not an explanation of Cyrus's authentication on its own, but should be informative in combination with the existing docs. As I personally found the hardest part about Cyrus to be figuring out how all the various bits of the auth scheme fit together, perhaps this can help others with that.

Craig Ringer


