
List:       info-cyrus
Subject:    Re: Authenticating virtual domain users with saslauthd
From:       Igor Brezac <igor () ipass ! net>
Date:       2005-06-23 16:01:57
Message-ID: Pine.GSO.4.61.0506231150001.15502 () pula ! ypass ! net

On Thu, 23 Jun 2005, Etienne Goyer wrote:

> Hi,
>
> I would like to authenticate virtual domain users using saslauthd.  I
> want the possibility to have the same username in more than one domain
> (i.e. etienne@example.com and etienne@test.com).  I will probably use LDAP
> as authentication backend, but this remains to be decided.
>
> Right now, for testing, I have saslauthd configured for PAM with shadow.
> I have a user etienne, and login is successful for any combination of
> etienne@domain.  I suppose saslauthd strips the @domain part, which would

No.  Your application does it, libsasl in particular.  It is actually not 
stripped; the domain part is passed in as a separate parameter (realm) to 
saslauthd.  The shadow auth mechanism does not use the realm parameter.

> break my setup when authenticating users from different domains with the
> same "username" (part before the @).

Start saslauthd -r ...  (Read saslauthd man page for more)

> If I use LDAP, my users would be in different OU.  Ideally, I could tell
> saslauthd to authenticate users from example.com in ou=exemple.com, etc.
> Is this possible somehow ?

Yes.

>
> Peripheral question: which syslog facility is saslauthd logging to,
> and at what level for authentication success?

LOG_AUTH

>
> Thanks for your input.  Please ask for clarification if I am not clear
> enough.
>
> Etienne Goyer
>

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
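
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Cyrus SASL code: a small Python model of the user/realm split, of the lookup key with and without `saslauthd -r`, and of expanding the `%u`, `%U` and `%d` tokens that saslauthd's LDAP options document, here in a per-domain search base. The function names, the base DN and the realm-shape check are assumptions of this model, and it assumes `-r` is in use so that the login carries the domain.

```python
import re

# Hostname-shaped realms only. This is a precaution of this model before the
# value is placed in a DN, not a statement about saslauthd's own checks.
_DOMAIN_RE = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def split_login(login):
    """Split 'user@realm'; the realm travels as a separate parameter."""
    user, _, realm = login.partition("@")
    return user, realm


def lookup_key(login, combine_realm):
    """Identity the auth mechanism ends up looking up.

    combine_realm=False models a realm-ignoring mechanism (shadow in the
    thread); combine_realm=True models `saslauthd -r`, which hands the
    mechanism user@realm as the login.
    """
    user, realm = split_login(login)
    return f"{user}@{realm}" if combine_realm and realm else user


def expand(template, login):
    """Expand %u (login), %U (user part), %d (domain part) and %%."""
    user, realm = split_login(login)
    if realm and not _DOMAIN_RE.fullmatch(realm):
        raise ValueError(f"refusing realm {realm!r}")
    values = {"u": login, "U": user, "d": realm, "%": "%"}
    return re.sub(r"%([uUd%])", lambda m: values[m.group(1)], template)


# Constructed sample data: the base DN is a placeholder.
SEARCH_BASE = "ou=%d,dc=mail,dc=invalid"
LOGINS = ["etienne@example.com", "etienne@test.com"]


def demo():
    """Return lookup keys without -r, with -r, and the per-domain bases."""
    without_r = {lookup_key(login, combine_realm=False) for login in LOGINS}
    with_r = {lookup_key(login, combine_realm=True) for login in LOGINS}
    bases = [expand(SEARCH_BASE, login) for login in LOGINS]
    return without_r, with_r, bases


if __name__ == "__main__":
    for label, value in zip(("without -r", "with -r", "bases"), demo()):
        print(f"{label}: {value}")
```

Without `-r` both logins collapse to one key, so a single account's password is accepted for every domain; with `-r` the keys stay distinct and each login maps to its own OU.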