Bill Roberts wrote:
> I am planning on building a simpler email system (I don't use imap,
> virtual domains, or a user database). In my quest for Zen-like simplicity
> and rock-solid quality, I'm planning on using postfix, plus courier as a
> pop3 server. For authentication, some guides use sasl, some use authlib.
> Which is better?? And why would anyone use both?! They seem to both serve
> the same function. Any suggestions/pointer appreciated.

There are a number of different services and auth'ing going on in your
mail system as proposed. Courier-imap provides imap and pop. Authlib
provides authentication for all Courier processes. Authlib can auth from
local accounts, mysql, postgres, or ldap. cyrus-sasl provides smtp auth
for Postfix in order to relay from places that aren't in your allowed IP
space. cyrus-sasl can use a few different backends to auth as well, which
is where the problems come in.

Courier-imap 4.0 and up began using courier-authlib. Since you have to
run authlib to use courier-imap, many virtual how-tos started slaving
cyrus-sasl off authlib rather than have it talk to MySQL directly
through pam_mysql. Also, with authlib you could use encrypted passwords
in your db, whereas you could not with pam_mysql. Additionally, why
troubleshoot two different auth mechanisms and have yet another
package on your system? And finally, authlib supports pam, ldap, mysql,
and postgres in a single place.

For completeness, authlib updates have caused the occasional auth issue,
though they seem to have settled down over the last six months.

In summary:
sasl + pam_mysql = the suck, IMO

If you don't need any virtual nonsense I'd compile postfix,
courier-imap, and cyrus-sasl with -mysql. I'd also compile cyrus-sasl
-authdaemond and just run a normal system. Everything will default to
local system accounts, though you might need to config
/etc/sasl2/smtpd.conf to do that. I do this on my personal box and
haven't had any issues over the past 3 1/2 years.

kashani
--
gentoo-user@gentoo.org mailing list