Date: Wed, 08 Aug 2001 02:11:28 -0700
From: David Wright <[EMAIL PROTECTED]>
Cc: info-cyrus <[EMAIL PROTECTED]>
Please educate me, I do not understand.
> Please use pwcheck. Your problems will go away.
The pwcheck distributed with cyrus-sasl is not useful to me. My users
are not in /etc/passwd -- they are ONLY in an LDAP database. Even a
pwcheck daemon that uses LDAP is only useful to me <if> it does LDAP-SSL
-- I need password traffic encrypted over the network. pam_ldap does
this nicely, so any pwcheck daemon that did all this would basically be
re-implementing the functionality of pam_ldap. Can you kindly point me
to a pwcheck daemon that just calls PAM?
Such things exist. Please search the list archives or use Google.
> PAM does not do network authentication. PAM does not solve the
> problems under consideration.
What do you mean by "network authentication"? If you mean a ticket
system so that users need only authenticate themselves once, it most
certainly does, via Kerberos. If you mean certifying the identity of the
client and server machines, pam_ldap and OpenLDAP can do that. What
exactly is the problem under consideration that (given the appropriate
modules) PAM doesn't solve?
IMAP needs to do secure authentication over the wire.
For instance, imapd needs to do a secure Kerberos authentication---not
checking a password against a Kerberos server, but doing a real
authentication.
PAM provides no mechanisms for doing this.
Larry