[Kolab-devel] Cyrus IMAP groups patch

Gunnar Wrobel wrobel at kolabsys.com
Thu Aug 19 21:10:29 CEST 2010


Zitat von Thomas Arendsen Hein <thomas at intevation.de>:

> * Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>  
> [20100817 22:55]:
>> I stumble upon the "groups patch" which enables cyrus-imapd to read an
>> arbitrary groups file as opposed to using the system getgrent(3)  
>> call (if and
>> when using the UNIX groups, that is).
>>
>> Afaik, getgrent(3) will return groups from anything PAM can handle and that
>> does groups.
>>
>> I'm wondering what the use-case behind the groups patch is, and whether
>> someone could tell me about a valid production implementation  
>> scenario so that
>> I can push this upstream. So far, the only use case I can see is parallel
>> Kolab deployments using OpenPKG -which of course is not going to be a valid
>> argument for upstream, and has alternatives that better align with native
>> packaging such as chroots.
>
> We don't want to use the system's group, because usually the Kolab
> accounts in LDAP are not system accounts in PAM.
>
> See https://issues.kolab.org/issue2722 for some background.
>
> In short: We don't need the groups patch upstream,

I don't think Jeroen wanted to get the groups patch upstream. He also  
wants to avoid it and I think he suggested to do so via PAM.

> we probably want SASL to know about the group of names in LDAP.

... and in turn Cyrus IMAPD to use SASL for group lists. It is  
mentioned in the issue you linked so I think you know that but I just  
wanted to highlight that the resulting patch is a two step appraoch  
and probably would not be to easy.

@Jeroen: If I understood you correctly you were suggesting that we  
could feed Cyrus IMAPD with alternate group information via PAM. Did I  
indeed understand you correctly? How could such an approach look like?  
I'm no PAM expert and it would cost me some research to see if that  
should be possible or not.

Cheers,

Gunnar

>
> Regards,
> Thomas
>
> --
> thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key:  
> 0x5816791A
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck,  
> HR B 18998
> Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel
>


--
Gunnar Wrobel
Developer, Kolab Systems AG

e: wrobel at kolabsys.com
t: +49 700 6245 0000
w: http://www.kolabsys.com

pgp: 9703 43BE

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.




More information about the devel mailing list