On Sat, 23 Jun 2007, Till Wimmer wrote:
> I'm running a server for several customers using cyrus/IMAP, sendmail,
> apache2 and ssh.
> I'm looking for a way to store all the passwords for them in _one_
> database so I can manage them easily by a web interface.

By artificially tying the database concept to a GUI, you may
limit your choices severely.

> My solution was to store the passwords in a MySQL table.
> Now the problem is that cyrus and sendmail use sasldb for
> authentication, but ssh uses PAM.

I use LDAP for sendmail, apache2, sasl, pam, and dovecot (instead of
cyrus).
All non-system users are defined in LDAP, and can log on to any machine
that happens to be replicating the database.

> This is rather unsatisfying because libpam_mysql, libsasl2_modules_sql
> and mod_auth_mysql (apache) all have quite different approaches /
> ideologies.

Yes, even with LDAP there are a few things that make you go 'wtf?!?'

> I had to store the passwords in plaintext because of the sasl interface,
> but the new mod_auth_mysql will allow encrypted passwords only... that's
> only one of the issues.

I have slapd store the passwords in crypt format - so normal shadow
services continue to work as before.

> Maybe somebody is using a similar configuration?

I'm a small shop, but found it easier to help others if I ran my setup
closer to theirs.

--
Rick Nelson
That's the funniest thing I've ever heard and I will _not_ condone it.
-- DyerMaker, 17 March 2000 MegaPhone radio show