[KLUG Members] Petreley's 5 part Postfix SMTP + Cyrus IMAP E-mail server solution ...

Adam Williams members@kalamazoolinux.org
Tue, 16 Apr 2002 05:58:43 -0400 (EDT)


>Don't know if this has been around the list(s), but I'd figure I'd
>rehash it since I want to discuss it a bit further:
>http://www.linuxworld.com/site-stories/2002/0318.ldap1.html
>http://www.linuxworld.com/site-stories/2002/0401.ldap2.html
>http://www.linuxworld.com/site-stories/2002/0408.ldap3.html
>http://www.linuxworld.com/site-stories/2002/0410.ldap4.html
>http://www.linuxworld.com/site-stories/2002/0415.ldap5.html

I'll have to take a look at these.

>One thing I'm interested in doing is "expanding" on this to include at
>least Kerberos for the SASL password store/ticketing, possibly LDAP as
>well.  And the easiest, "cook-book" method to implement this on a RedHat
>7.2 box with existing packages (or minimal package upgrades -- e.g.,
>just rebuilding with additional config options as needed).

It would be interesting to see if any of the "appliance" distributions 
like e-smith are ready to do this.  Unfortunately most 'reviews' never get 
any further than "Oh my, it has a web administration tool...."
 
>Mr. Williams has done an _excellent_job_ in teaching us everything there
>is to know about enterprise authentication, directory and other network

It is not even close to "everything",  but thank you.  It definitely needs 
more on the nitty-gritty of SASL.

>services in his continually updated, 300+ (now) slide presentation.  But

And soon to be available in German!  A police LUG in Germany is going to 
maintain the translation.   Open source documentation in English is hard 
enough to find,  apparently it is even worse in other languages.

>it's almost daunting to absorb it all at once, even though I have a

I get that comment a lot.

>fairly "seasoned" background of CIFS and NIS knowledge (which is just a
>small subset of what Mr. Williams educates us on).  Mr. Williams'
>presentation is *THE*COMPLETE*REFERENCE* that I find myself going to

Naw,  it will about "COMPLETE REFERENCE" status somewhere around 600 
slides (I guess).  My list of things to cover is quite long.

>when I want to know _anything_ about Enterprise Linux Services, but I've
>yet to find an "elementary quickstart" to it all to build on.
>So I guess what I'm looking for is an "elementary starting point" for
>implementing just Postfix + IMAP E-mail services with a basic LDAP +

Elementary = MDA + IMAP + LDAP + SASL + Kerberos ?! :)

RedHat uses uw-imap, which is just PAM.  But one assumes large 
organizations will use something like Cyrus, which I haven't been able to 
get into yet.  I think you'd end up with a distro quite divergent from 
"stock" in order to do all the above.  authconfig at least takes the ugly 
out of writing pam stacks.

>Kerberos framework for directory/authentication.  One that I can add to
>in the future, and can be implemented with a stock RedHat 7.2 install
>almost "as-is" now (again, with just a few customizations, RPM updates
>and/or reconfigs/rebuilds).  I know LDAP requires a bit of planning, so
>you cannot just "throw-in" LDAP, but a "common initial company LDAP
>template" would do to start.  And we'd worry about accommodating more
>services as they were added later.

I think the migration scripts provide a good framework to work from.  Most 
services (sendmail, samba, etc...) integrate well with the provided 
structure.  The only argument about it is whether one separates account 
objects from person objects, or stores them as one (ou=People + ou=Accounts 
vs. ou=People).