Hello fellow list members,

I'm currently designing (implementing, testing, etc.) a new mail system to replace our overworked single Sendmail server. I am testing a setup with two servers currently: one running Cyrus 2.1 (and MySQL, which will be moved in time), and one running Postfix with LMTP. SASL on both servers talks to MySQL for authentication, which seems to work, but after reading through some docs again and searching online, I'm not sure I understood some concepts correctly (specifically authentication and/or authorization).

I planned on using MySQL to define the accounts and passwords (and basically everything). This is pretty easy with Postfix, but after running into actual delivery issues (mailbox doesn't exist), I'm not sure if I can do this the way I hoped. It could be I just don't understand something. We host email for dozens of virtual hosts, so I've been looking at Cyrus 2.2 also, and will start testing that soon for the vhosting capabilities. Woohoo! :)

Basically I'm wondering if I can have Cyrus look to the MySQL server for authorization. I know Cyrus looks to SASL, which in turn looks to MySQL (through auxprop), for authentication, and I originally thought I could do this with authorization also. I thought I read somewhere Cyrus IMAP didn't need UNIX accounts to exist, but there may have been a "with Kerberos" part in there, or something similar, that I didn't notice. I actually don't think I let the difference between the two auths sink in enough at first. Now it looks like I still need a UNIX account for each user, which cramps the virtual host setup (I don't like the whole "user0014" method, but if I have no alternative...). Or maybe I should look into using LDAP or Kerberos, hmmmm.

Reading through the 2.2 docs I saw a section mentioning the ability to bounce authorization off of UNIX accounts, Kerberos 4 and 5, and an external process "ptloader" for LDAP, etc. Are there any implementations that use ptloader to talk to MySQL (or PostgreSQL, or...SQL :))?

Thanks!
