[32039] in Kerberos
Re: kerberos and smartphone clients
daemon@ATHENA.MIT.EDU (Nikolay Shopik)
Tue Feb 9 15:39:19 2010
Message-ID: <4B71BA43.2080304@inblock.ru>
Date: Tue, 09 Feb 2010 22:40:51 +0300
From: Nikolay Shopik <shopik@inblock.ru>
MIME-Version: 1.0
To: Luke Scharf <luke.scharf@clusterbee.net>
In-Reply-To: <4B717A63.2000709@clusterbee.net>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 09.02.2010 18:08, Luke Scharf wrote:
> If you're using virtual users on the e-mail server, then saslauthd can
> be configured to attempt to log in to Kerberos to see if the password is
> valid instead of PAM. This is an application-level way to check
> credentials, as opposed to a system-level method like PAM -- so if your
> users don't show up in getent, then saslauthd is the way to go.
Actually Dovecot SASL + pam_krb5 and virtual users works very well. I've
just add two strings to /etc/pam.d/dovecot
auth sufficient pam_krb5.so
account sufficient pam_krb5.so
But thanks anyway pointing to right way.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
