Michael Ströder <michael@stroeder.com> wrote on 14.04.2015 at 09:42 in message <552CC4FF.4060600@stroeder.com>:
Ulrich Windl wrote:
I mean: You create a file like /etc/sasl2/smtpd.conf that contains:
# cat smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
--
If saslauthd is configured to use PAM (-a pam), all users that the PAM module finds are valid users for smtpd. My question was whether (and how) one can restrict the possible users from the saslauthd configuration file (like smtpd.conf).
Hmm, if you don't want all your PAM system users to be valid e-mail users then simply don't use PAM. Sometimes one should rethink the software stack if requirements get more clear. smtpd sounds like postfix which has very flexible LDAP support.
Depending on the PAM/NSS system you're using there could be group authz mechs there too. But you did not provide enough information to really think about this. Personally I prefer to directly use the LDAP features of the software used.
Hi!
The advantage of the PAM configuration seems to be that you only have to describe your LDAP structure once, and not for every application. I thought there might be a method to restrict the accepted users from the sasl configuration file, but it seems there is none.
Thanks!
Ulrich
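
Added example, not part of the thread: the group restriction mentioned in the reply can be placed in the per-service PAM stack that saslauthd (-a pam) consults, so the LDAP structure is still described only once. Assumptions: the application passes the service name "smtp" (the Postfix default for smtpd_sasl_service), the group "mailusers" is a hypothetical name, and common-auth / common-account are the distribution's shared stacks.

```conf
# /etc/pam.d/smtp  (assumed service name; it must match what the SMTP
# server hands to saslauthd)

# Authenticate through the system-wide stack, e.g. pam_ldap or pam_sss.
auth     include    common-auth

# saslauthd also runs the account phase after authentication. Reject any
# user who is not a member of the (hypothetical) group "mailusers",
# whether that group is resolved from local files or from LDAP via NSS.
account  required   pam_succeed_if.so user ingroup mailusers
account  include    common-account
```

Other PAM services such as login or sshd keep their own files under /etc/pam.d and are unaffected, so system users outside the group can still log in but cannot authenticate to SMTP.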