PAM.

shayne

Post by shayne » Thu Dec 01, 2005 11:53 pm

Ok. Just going through pam. I was originally thinking to authenticate off of LDAP, but man LDAP is a mind-boggling beast at times.

So what I'm wondering, is it possible to set up a server, so that I can simply add a user the normal unix method, and use pam to authenticate in from scalix.

What would be the files I'd use? I know pam_unix is the one for dealing with /etc/passwd auth, but what are the files I'd edit to allow Outlook AND webmail clients to authenticate in.

Or is it more complicated than that?

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Post by florian » Fri Dec 02, 2005 1:25 pm

in theory you can....

you would need to create unix accounts for all scalix users.
you would then use pam_unix in combination with our om_om2authid pam module to link to standard, non-om pam modules.
you would then need to put the unix user name of the user into the authentication id field of the respective scalix user
you would then need to modify our pam config files.

I would think that it is almost as complex as setting up a simple openLdap server by a cookbook available on the internet.

but then - if you only ever need those user accounts for scalix - why wouldn't you use our own built-in method of user management which is comfortably available through the scalix admin console right after the install. simple and hassle free. :-)

-- florian
Florian von Kurnatowski, Die Harder!

kali
Posts: 64
Joined: Sat Oct 29, 2005 12:13 am

Post by kali » Fri Dec 02, 2005 7:41 pm

Dear Florian

For various reasons (really nice "customization" actually) I do run saslauthd to authenticate users (for smtp to be precise). I am happy to explain reasons offline if you like but my question is - can saslauthd authenticate using PAM against the scalix user base?

I have made it work by using the saslauthd "rimap" option (which simply tests imap login success/failure), but it is not as neat and clean as PAM would be. I have tried various configs in the /etc/pam.d/smtp settings (including auth required /opt/scalix/lib/libom_pam.so) but always get an error that it cannot resolve various tokens. I am missing something easy here... but thought you might just know directly how to accomplish this.

(Or using PAM ldap authentication?)

Thanks,
Chris

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Post by florian » Sat Dec 03, 2005 3:40 am

Chris,

believe it'd be good to discuss the full scenario as it seems there might be some cleaner bigger picture solution here. My email address is <myfirstname>@scalix.com. (original address hidden to fake the bots...) My first thought would be if you require SMTP authentication in a scalix context, it's probably scalix-smtp anyway, so why don't you use our smtp relay that can already do it.

SMTP authentication almost always requires non-plaintext password authentication which requires different sets of pam settings in many cases.

In theory - as it is pam - i believe it should be possible to use our om_auth pam module (as contained in the libom_pam library) to authenticate against the scalix user database; however it hasn't been used this way afaik (always scalix using external pam modules) and i personally haven't tested it, so i can't really describe the corners and edges of this.

what exact errors are you getting? might actually be an issue of your LD_LIBRARY_PATH not setup correctly as our pam module will most certainly use other libraries from /opt/scalix/lib.

Anyway, if this goes further, I'm curious, but we should take it offline, because I can't feel this is of general interest at this point... :-)

cheers,
Florian.
Florian von Kurnatowski, Die Harder!
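
The LD_LIBRARY_PATH suggestion in the post above can be checked directly by asking the dynamic loader which dependencies of the PAM module it cannot find. This is an added example, not part of the original posts and not Scalix tooling; it assumes a Linux host with ldd, and the script name and the library names in the sample output are made up.

```shell
#!/bin/sh
# Added example (not from the thread): list the shared libraries a PAM module
# needs that the dynamic loader cannot find. Run ldd only on files you trust.

# Constructed ldd output for illustration; library names are made up.
sample_ldd_output() {
    printf '\tlibpam.so.0 => /lib64/libpam.so.0 (0x00007f0000000000)\n'
    printf '\tlibexample_a.so => not found\n'
    printf '\tlibc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)\n'
    printf '\tlibexample_b.so => not found\n'
}

# missing_deps: read ldd output on stdin, print each library marked "not found".
missing_deps() {
    awk '/=> not found/ { print $1 }'
}

# check_module MODULE [LIBDIR]
# Returns 0 if every dependency resolves with the default loader path,
# 1 if some do not, 2 if MODULE is unreadable.
check_module() {
    module=$1
    libdir=${2:-}
    if [ ! -r "$module" ]; then
        echo "cannot read $module" >&2
        return 2
    fi
    # A daemon started by init does not inherit your shell's LD_LIBRARY_PATH,
    # so test with the variable unset first.
    missing=$( (unset LD_LIBRARY_PATH; ldd "$module" 2>/dev/null) | missing_deps)
    if [ -z "$missing" ]; then
        echo "$module: all dependencies resolve"
        return 0
    fi
    echo "$module: unresolved without LD_LIBRARY_PATH:"
    echo "$missing" | sed 's/^/  /'
    if [ -n "$libdir" ]; then
        still=$(LD_LIBRARY_PATH=$libdir ldd "$module" 2>/dev/null | missing_deps)
        if [ -z "$still" ]; then
            echo "all resolve with LD_LIBRARY_PATH=$libdir"
        else
            echo "still unresolved with $libdir:"; echo "$still" | sed 's/^/  /'
        fi
    fi
    return 1
}

# Usage: sh check_pam_deps.sh /opt/scalix/lib/libom_pam.so /opt/scalix/lib
if [ $# -gt 0 ]; then check_module "$@"; fi
```

If the module only resolves with the extra directory, the daemon loading it (saslauthd in the case discussed here) needs that directory on its own loader path, for example through the system loader configuration or the daemon's start-up environment, not just in an interactive shell.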

sutton.ryan
Posts: 28
Joined: Mon Nov 14, 2005 6:14 pm

Post by sutton.ryan » Wed Dec 28, 2005 1:45 pm

If it helps, I was able to install Scalix with Fedora Directory Server on the same server (CentOS). Fedora Directory is using port 390 & 636. I chose 390 due to MS recommending this for exchange when an alt port is needed. I found help on this forum to modify a few files so that my scalix will authenticate against FDS ldap first, then itself. One tip I would give is if you are going to rely on external authentication, use the same authid when you set up scalix accounts in the BEGINNING. Scalix by default uses the email address as the authid where my FDS uses UID.

If anyone could point out a link or posting to set up smtp auth on scalix, I would appreciate it.

Ryan

