
Antw: Re: Help: LDAP using alias to reference value of another attribute



>>> Michael Ströder <michael@stroeder.com> wrote on 14.04.2015 at 09:42 in
message <552CC4FF.4060600@stroeder.com>:
> Ulrich Windl wrote:
>> I mean: You create a file like /etc/sasl2/smtpd.conf that contains:
>> # cat smtpd.conf
>> pwcheck_method: saslauthd
>> mech_list: plain login
>> --
>> If saslauthd is configured to use PAM (-a pam), all users that the PAM module
>> finds are valid users for smtpd. My question was whether (and how) one can
>> restrict the possible users from the saslauthd configuration file (like
>> smtpd.conf).
> 
> Hmm, if you don't want all your PAM system users to be valid e-mail users then
> simply don't use PAM. Sometimes one should rethink the software stack if
> requirements get more clear. smtpd sounds like postfix which has very flexible
> LDAP support.
>
> Depending on the PAM/NSS system you're using there could be group authz mechs
> there too. But you did not provide enough information to really think about
> this. Personally I prefer to directly use the LDAP features of the software
> used.

Hi!

The advantage of the PAM configuration seems to be that you only have to
describe your LDAP structure once, and not for every application.  I thought
there might be a method to restrict the accepted users from the sasl
configuration file, but it seems there is none.

Thanks!

Ulrich