Re: --with-auth only for group memberships?

[Kevin P. Fleming]

Igor Brezac wrote:
--auth-auth specifies an authorization (not authentication) mechanism. 
The unix module is mostly useful for group.
OK, yeah, authorization vs. authentication, right. Since SASL cannot 
provide authorization details, Cyrus IMAP has to get them from somewhere 
else, so that's understandable.

This is not correct.  unix_group_enable is used only when you compile 
the unix authorization mechanism, otherwise it has not effect.
Understood. I'll continue using the combination of --with-auth=unix and 
unix_group_enable turned off, which will keep Cyrus IMAP from caring 
about group memberships (and looking at my passwd/group files).
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: --with-auth only for group memberships?

[Igor Brezac]

On Thu, 24 Feb 2005, Kevin P. Fleming wrote:
I've just reworked my Cyrus IMAP installation, and I'm beginning to get the 
impression that --with-auth (which defaults to "unix") is only for group 
memberships, and really has no other effect. It certainly doesn't seem to 
affect SASL in any way, which is what actually handles authentication.
--auth-auth specifies an authorization (not authentication) mechanism. 
The unix module is mostly useful for group.

Since I have "unix_group_enable: 0" in my imapd.conf file, does that mean 
that it no longer matters what I specify for --with-auth? If so, the 
documentation could use an update to make that abundantly clear, and ideally 
the option could be renamed so people don't think it has anything to do with 
actually authenticating users :-)
This is not correct.  unix_group_enable is used only when you compile the 
unix authorization mechanism, otherwise it has not effect.

--
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html