From: Etienne Goyer (no email)
Date: Wed Oct 01 2003 - 16:09:31 EDT
On Wed, Oct 01, 2003 at 02:24:04PM -0500, anthony mayes wrote:
> We would like to implement a murder including 2 frontends and 3+
> backends in a switched (or vpn) environment. After reading the
> cyrus-info archives and the documents included in the Cyrus source, we
> are unclear about the authentication process between the front and the
> back ends. We would like to avoid using Kerberos if at all possible
> being as we do not have an existing Kerberos installation. What
> authentication methods would be best suited for this environment?
The frontend authenticate to the backend as a special users, defined as
the 'proxy_authname' on the frontend. The revelant part of imapd.conf
on the frontend would look like :
proxy_authname: proxy
backend1_password: *********
backend1_mechs: DIGEST-MD5
backend2_password: *********
backend2_mechs: DIGEST-MD5
Replace 'backend1' and 'backend2' with the actual name of your backend.
Also, the user specified in 'proxy_authname' must be authenticable on
the backend (by auxprop, most likely, since it connect with DIGEST-MD5).
A question : is the 'proxy_authname' required to be admin on the
backend? Could it be just in proxyservers ?
-- Etienne Goyer Linux Québec Technologies Inc. http://www.LinuxQuebec.com
|
|
|