Re: [owl-users] ldap / pam / tcb / popa3d / maildir

On Tue, 04 Oct 2005 20:08:03 +0400
Michael Tokarev <mjt@...> wrote:

> > - recompile glibc to include nscd and attach an init script.
> 
> Why do you need nscd?

Hello Michael,

for cacheing - just in case the directory service isn't up. 
To keep a small time window where mail services still work.
Well, its my intention. Extensive tests will follow.

> 
> > So far, all went OK. My users are all on a directory server. For 
> > that i build openldap and nss/pam stuff for ldap.
> 
> Are you sure you want your users to be system accounts?
> I mean, instead of tweaking system-wide settings (nsswitch.conf
> etc) and enabling ldap there, you can use ldap for email only,
> tweaking postfix and pop3 configs.  Mind you, almost every
> network-aware user storage (ldap, sql, etc) is inherently
> insecure - it's very difficult to set it up properly so that
> security level will be acceptable.

Don't misunderstand me, i'm aware of that. They exists a lot of
ways for mailsetups. Especially in conjunction with ldap services.
Indeed i agree with you.

> > My primary focus is popa3d and not suing. For that i didn't