[KLUG Members] Re: Petreley's 5 part Postfix SMTP + Cyrus IMAP E-mail server solution ...

Bryan J. Smith members@kalamazoolinux.org
16 Apr 2002 07:43:05 -0400


On Tue, 2002-04-16 at 05:58, Adam Williams wrote:
> I'll have to take a look at these.

It's a pretty good "cookbook" method that uses its own authentication. 
I'd rather have LDAP and Kerberos added.

> It would be interesting to see if any of the "appliance" distributions 
> like e-smith are ready to do this.  Unfortunately most 'reviews' never get 
> any further than "Oh my, it has a web administration tool...."

I know, I know.  Heck, for the same reasons I "dislike" Ziff-Davis
(among others) for their Linux "reviews," I "dislike" most of their
Windows "reviews" as well.  It's like they don't bother to spend more
than 5 minutes.

> It is not even close to "everything",  but thank you.  It definitely
> needs more on the nitty-gritty of SASL.

I need to self-educate myself on SASL and GSSAPI, various applications
that can use them as well as using Kerberos 5 as the back-end.

> And soon to be available in German!  A police LUG in Germany is going to 
> maintain the translation.   Open source documentation in English is hard 
> enough to find,  apparently it is even worse in other languages.

Yep.

> I get that comment a lot.

*BUT* it's _great_ to have it as a "reference for everything."  Once
complete, you can write more specific tutorials and reference that
document as necessary for more info.

BTW, you should really make your presentation a book.  I know people at
CMP and Macmillan that you should speak to.  Or you can just
self-publish on the Internet releasing as PDF.  There are endless
models.

I, for one, have always wanted to write a book entitled "Enterprise
Linux Services" that covered integrating various directory, file and
support services on a Linux platform on the back-bone of a corporate
network.  Especially before Microsoft dupes everyone into going
ActiveDirectory and locking them in.

> Naw,  it will about "COMPLETE REFERENCE" status somewhere around 600 
> slides (I guess).  My list of things to cover is quite long.

Well, yeah.  But I meant it is quickly becoming the "complete
reference."

> Elementary = MDA + IMAP + LDAP + SASL + Kerberos ?! :)

Right.  Start with a basic "template" for a corporate LDAP directory
adding Kerberos as the password store.  Now add a few applications that
use SASL/GSSAPI services for authentication, starting with your MTA
(SMTP server) and MUAs (procmail and IMAP server).

> RedHat uses uw-imap, which is just PAM.

Right, but I know a lot of the Cyrus SASL RPMs are included and adding
Cyrus' IMAP is none-too-difficult.

RedHat also doesn't use PAM for various Kerberosized services.  Now if
others could just be made SASL/GSSAPI aware with only a few
configs/rebuilds.

> But one assumes large organizations will use something like Cyrus,
> which I haven't been able to get into yet.  I think you'd end up
> with a distro quite divergent from "stock" in order to do all the
> above.  authconfig at least takes the ugly out of writing pam stacks.

Yeah, I was afraid of that.  But even with that said, adding the proper
RPMs shouldn't be too difficult?

> I think the migration scripts provide a good framework to work from.
> Most services (sendmail, samba, etc...) integrate well with the
> provided structure.

Right.  My idea was to start with a "good template" for LDAP/Kerberos
and add services over time, starting with SMTP/IMAP first.

> The only argument about it is whether one separates account objects
> from person objects, or stores them as one (ou=People + ou=Accounts
> vs. ou=People).

Hmmm, yeah.  I guess there are many such issues.

-- Bryan

-- 
The USDOJ v. Microsoft trial will result in unconditional surrender.
No matter who wins, the consumer will be subject to the victor's
"terms."  Which is worse?  Clueless government or clueless monopoly?
--------------------------------------------------------------------
Bryan J. Smith, SmithConcepts, Inc.        mailto:b.j.smith@ieee.org
Engineers and IT Professionals          http://www.SmithConcepts.com