# Warning: This file is auto-generated and might be overwritten by 
#          univention-config-registry.
#          Please edit the following file instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch 
#          univention-config-registry überschrieben werden. 
#          Bitte bearbeiten Sie an Stelle dessen die folgende Datei:
# 
# 	/etc/univention/templates/files/etc/pam.d/mupdate
# 

# PAM configuration file for Cyrus Murder mupdate service
# $Id: mupdate.pam 5 2005-03-12 23:19:45Z sven $
#
# If you want to use Cyrus in a setup where users don't have
# accounts on the local machine, you'll need to make sure
# you use something like pam_permit for account checking.
#
# Remember that SASL (and therefore Cyrus) accesses PAM 
# modules through saslauthd, and that SASL can only deal with
# plaintext passwords if PAM is used.
#

### Authentication Section
#
auth    sufficient    pam_unix.so
@!@
from univention.lib.misc import getLDAPServersCommaList
auth  = "auth    requisite    pam_univentionmailcyrus.so"
auth += " ldap_host=%s" % getLDAPServersCommaList(configRegistry)
auth += " ldap_base=%s" % configRegistry.get("ldap/base")
auth += " from_attr=mailPrimaryAddress to_attr=uid"
auth += " binddn=%s" % configRegistry.get("ldap/hostdn")
auth += " pwfile=/etc/machine.secret"
auth += " ldap_port=%s" % configRegistry.get("ldap/server/port", "7389")
print auth
@!@
auth    [success=1 default=ignore]    pam_ldap.so use_first_pass 
auth    [success=ok default=die]      pam_krb5.so use_first_pass

### Account Section
#
account  sufficient   pam_unix.so
account  required     pam_ldap.so

