How can i tell SASL2 to stop using /etc/sasldb2 ?

Patrick Ben Koetter p at state-of-mind.de
Sat Jul 28 01:50:57 EDT 2007


* Gert Cuykens <gert.cuykens at gmail.com>:
> I am trying to tell SASL2 to use pam instead of /etc/sasldb2 by
> following this instructions
> 
> http://small.dropbear.id.au/myscripts/postfixmysql.html
> 
> But Pam doesn't get used ?
> My /etc/postfix/sasl/smtpd.conf looks like this ?
> pwcheck_method: pam

pam is not a valid password verification method.
You need to configure what you want a different way.

# /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

Then start saslauthd like this:

saslauthd -a pam <other options>

> And my /etc/pam.d/smtp looks like
> auth required pam_mysql.so user=postfix passwd=secret db=postfixdb
> table=users usercolumn=id passwdcolumn=password crypt=0

If you don't use crypted passwords in the database you might as well use the
sql auxprop plugin. Then you can additionaly use the shared-secret mechanisms
CRAM-MD5, DIGEST-MD5 and NTLM.

> Still got the same  /etc/sasldb2 error in my mail.err log
> SASL authentication problem: unable to open Berkeley db /etc/sasldb2

sasldb is the default plugin. Cyrus SASL doesn't check your config, it tries
to use pam and since it doesn't work, it tries sasldb. Since that isn't
configured it fails BUT this gets logged.

p at rick


-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


More information about the Cyrus-sasl mailing list