Re: --with-auth only for group memberships?
Igor Brezac wrote: --auth-auth specifies an authorization (not authentication) mechanism. The unix module is mostly useful for group. OK, yeah, authorization vs. authentication, right. Since SASL cannot provide authorization details, Cyrus IMAP has to get them from somewhere else, so that's understandable. This is not correct. unix_group_enable is used only when you compile the unix authorization mechanism, otherwise it has not effect. Understood. I'll continue using the combination of --with-auth=unix and unix_group_enable turned off, which will keep Cyrus IMAP from caring about group memberships (and looking at my passwd/group files). --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: --with-auth only for group memberships?
On Thu, 24 Feb 2005, Kevin P. Fleming wrote: I've just reworked my Cyrus IMAP installation, and I'm beginning to get the impression that --with-auth (which defaults to "unix") is only for group memberships, and really has no other effect. It certainly doesn't seem to affect SASL in any way, which is what actually handles authentication. --auth-auth specifies an authorization (not authentication) mechanism. The unix module is mostly useful for group. Since I have "unix_group_enable: 0" in my imapd.conf file, does that mean that it no longer matters what I specify for --with-auth? If so, the documentation could use an update to make that abundantly clear, and ideally the option could be renamed so people don't think it has anything to do with actually authenticating users :-) This is not correct. unix_group_enable is used only when you compile the unix authorization mechanism, otherwise it has not effect. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--with-auth only for group memberships?
I've just reworked my Cyrus IMAP installation, and I'm beginning to get the impression that --with-auth (which defaults to "unix") is only for group memberships, and really has no other effect. It certainly doesn't seem to affect SASL in any way, which is what actually handles authentication. Since I have "unix_group_enable: 0" in my imapd.conf file, does that mean that it no longer matters what I specify for --with-auth? If so, the documentation could use an update to make that abundantly clear, and ideally the option could be renamed so people don't think it has anything to do with actually authenticating users :-) --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html