[Gllug] Replacement fo MS Exchange Server
Bruce Richardson
itsbruce at uklinux.net
Thu Oct 18 20:41:02 UTC 2001
On Thu, Oct 18, 2001 at 06:45:24PM +0000, Mike Brodbelt wrote:
> Bruce Richardson wrote:
> >
> >
> > The Cyrus IMAP server is extremely flexible but poorly documented and you
> > need to be running Kerberos on the network to get full use out of it.
>
> ?????
>
> Granted, running Kerberos increases security, but you don't lose any
> featuers if you're not running it - Cyrus can handle other
> authentication methods just fine.
It supports many ways of authentification - through sasl or pam or
traditional unix accounts - but...
One of the strongest features of Cyrus is the extremely fine-grained
user and group permissions on mail folders. I haven't looked at the
latest version but in all the versions I have looked at there are
two ways in which group membership is determined - from the groups set
up on the kerberos domain or from the group membership defined in
/etc/group. No other way. The pwcheck daemon - which is where pam is
implemented if you compile in that option - only checks
username/password authentification, not group membership. So if you use
pam for authentification you have the odd situation that you can
authenticate users against an NT domain or NDS tree or a plain text file
or anything else there is a pam module for - but if you want to share
mail folders based on group membership you still have to add their names
to /etc/group. Which means that using pam authentification loses you
the most powerful features (IMO) of Cyrus.
If this has changed I'd be very glad to hear it.
--
Bruce
If the universe were simple enough to be understood, we would be too
simple to understand it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 261 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20011018/e192e5b7/attachment.pgp>
More information about the GLLUG
mailing list