On Wed, 11 Feb 2004, Igor Brezac wrote: > > On Wed, 11 Feb 2004, Shelley Waltz wrote: > > > I am interested in knowing the difference and/or advantages > > of the ways one can use ldap authentication with sasl. > > > > One way is to use saslauthd -a ldap, which uses the auth_ldap > > module for saslauthd. > > > > Another way is to use saslauthd -a pam and then specify ldap > > as the auth mechanism in the various pam.d services such as > > smtp or imap. > > > > saslauthd/ldap combination will give you better performance and in general > it is more stable. Some pam implementations/modules leak memory.
And without PAM it's one less layer to debug. And you will be debugging. Cyrus IMAP and SASL are great, but they are not simple. As always, Occam's Razor is a handy tool. If you don't have a clear need for PAM integration with SASL, eliminate it. Good luck. -- Andrew --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
