[prev in list] [next in list] [prev in thread] [next in thread]
List: info-cyrus
Subject: Re: Authenticating virtual domain users with saslauthd
From: Igor Brezac <igor () ipass ! net>
Date: 2005-06-23 16:01:57
Message-ID: Pine.GSO.4.61.0506231150001.15502 () pula ! ypass ! net
[Download RAW message or body]
On Thu, 23 Jun 2005, Etienne Goyer wrote:
> Hi,
>
> I would like to authenticate virtual domain users using saslauthd. I
> want the possibility to have the same username in more than one domain
> (ie etienne@example.com and etienne@test.com). I will probably use LDAP
> as authentication backend, but this remain to be decided.
>
> Right now, for testing, I have saslauthd configured for PAM with shadow.
> I have a user etienne, and login is successful for any combination of
> etienne@domain. I suppose saslauthd strip the @domain part, which would
No. Your application does it, libsasl in particular. It is actaully not
stripped; the domain part is passed in as a separate parameter (realm) to
saslauthd. shadow auth mechanism does not use the realm parameter.
> break my setup when authenticating user from different domain with the
> same "username" (part before the @).
Start saslauthd -r ... (Read saslauthd man page for more)
> If I use LDAP, my users would be in different OU. Ideally, I could tell
> saslauthd to authenticate users from example.com in ou=exemple.com, etc.
> Is this possible somehow ?
Yes.
>
> Peripheric question : which syslog facility do saslauthd is logging to,
> and at what level for authentication success ?
LOG_AUTH
>
> Thanks for your input. Please ask for clarification if I am not clear
> enough.
>
> Etienne Goyer
>
--
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic