'=?utf-8?q?=5BSSSD-users=5D?= Re: sssd pam password'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sssd-users
Subject:    =?utf-8?q?=5BSSSD-users=5D?= Re: sssd pam password
From:       Simo Sorce <simo () redhat ! com>
Date:       2017-10-19 12:38:50
Message-ID: 1508416730.6230.71.camel () redhat ! com
[Download RAW message or body]

On Thu, 2017-10-19 at 02:59 +0200, Günther J. Niederwimmer wrote:
> Am Mittwoch, 18. Oktober 2017, 14:49:58 CEST schrieb Simo Sorce:
> > On Wed, 2017-10-18 at 14:46 +0200, Günther J. Niederwimmer wrote:
> > 
> > > Hello,
> > > 
> > > CentOS 7.4
> > > I mean this is a old question :-(.
> > > but is it possible to have a password from sssd ?
> > > 
> > > My Problem is, I installed FreeIPA and like to have a Dovecot
> > > SASL ->
> > > postfix 
> > > installation?
> > > 
> > > I configured Dovecot to use PAM, but with this I have no password
> > > for
> > > the 
> > > postfix!
> > > 
> > > What is the correct way to have a secure authentication for
> > > dovecot
> > > SASL -> 
> > > postfix?
> > > 
> > > Have I to do  this with LDAP or is it possible with a "normal"
> > > way.
> > > 
> > > Thanks for a answer,
> > 
> > 
> > What does "Dovecot SASL -> postfix" mean ?
> > Is dovecot being authenticated by postifx or postifx using dovecot
> > sasl
> > ? or something else ?
> 
> the way should be 
> 
> FreeIPA -> sssd -> PAM (??) -> dovecot -> postfix
> 
> > What SASL mechanism are you using ?
> 
> The dovecot SASL to postfix
> 
> But I found no way, to become a password from sssd for the postfix 
> authentication

I am sorry Günther, call me thick, but I cannot make sense of this. I
ran similar configurations before and if I understand it correctly what
  you are describing has all arrows reversed ?

Ie you want to authenticate users connecting to postfix using the
dovecot SASL plugin in a way that will have their plain text password
validated by SSSD, is that right ?

In that case all you need to do is to make sure your dovecot SASL
plugin can authenticate using PAM. The rest should just work.

If this is not the scenario then may try to explain what is the user
action you want to authenticate and we'll work our way through that
way.

Simo.

-- 
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic