[SASAG] Linux Mail Server Authentication

Wil Cooley wcooley at nakedape.cc
Thu Jun 29 12:44:38 PDT 2006

On Thu, 2006-06-29 at 12:08 -0700, Eric wrote:
> As I understand it, one of the main reasons not to use the local account
> is for security reason on the box.  I've never used Openldap, but wonder
> if its more or less complicated than mysql.

LDAP is a whole different ballgame.  It's great for scale and
distribution, not great for simplicity and ease-of-use.  But what Atom
said still applies (assuming Postfix; I think Sendmail also uses Cyrus

Postfix -> saslauthd -> PAM -> pam_unix
                            -> pam_ldap
                            -> pam_krb5
                            -> pam_mysql
                            -> pam_pwdfile (htpasswd-like files)
                            -> pam-whatever

                     -> LDAP
                     -> MySQL
                     -> GSSAPI
                     -> shadow
        -> sasldb
        -> ...

Your choices are legion.

Wil Cooley <wcooley at nakedape.cc>
Naked Ape Consulting, Ltd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.sasag.org/pipermail/members/attachments/20060629/5229861c/attachment.bin>

More information about the Members mailing list