How to configure Cyrus/SASL
Dan White
dwhite at olp.net
Fri Apr 4 14:33:18 EDT 2008
dino.swanwick at custserv.com wrote:
> /etc/imapd.conf
> sasl_pwcheck_method: auxprop
> sasl_mech_list: PLAIN, CRAM-MD5
>
> /etc/imapd-local.conf
> sasl_pwcheck_method: auxprop
>
> /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
>
> /usr/lib64/sasl2/smtpd.conf
> #pwcheck_method: saslauthd
> mech_list: plain login
>
> My questions are:
> 1) What is the difference between imapd.conf and imapd-local.conf? How
> do I know which one I am using?
> 2) What is the difference between /usr/lib/sasl2/smtpd.conf and
> /usr/lib64/sasl2/smtpd.conf? How do I know which one I am using?
> 3) I'm confused...am I currently using auxprop or saslauthd? How can I
> tell? What is the difference?
Dino,
Cyrus IMAP services typically use /etc/imapd.conf for
configuration. That config file handles the configuration for
services like imapd, pop3d, timsieved etc.
I'm not familiar with any cyrus services which use
/etc/imapd-local.conf. I would examine your startup scripts, such
as /etc/init.d/cyrus*, for any reference to that file.
The location of the SASL configuration for other services, such
as your SMTP server, can be in one of several locations,
depending on how the SASL libraries were compiled, and how
Postfix was compiled.
If you can find out what configure options your SASL libraries
were compiled with, the --with-configdir option will tell you
what the default location(s) are.
Also, Postfix can define a default location for its SASL
configuration rather than (or in addition to?) the defaults. For
instance, Postfix looks in /etc/postfix/sasl/ on my system for
SASL configuration.
strings `which pluginviewer` | grep sasl2
may give you some hints about where the SASL libraries are
looking for plugins and configs.
With the configuration you have specified above, your Cyrus IMAPd
services will use your auxprop plugin(s) to authenticate both
your PLAIN and CRAM-MD5 mechs.
Your SMTP server, if using the /usr/lib64/sasl2/smtpd.conf file,
will use all available pwcheck_methods, I believe, since you
haven't specified it. So it would try to authenticate your PLAIN
and LOGIN mechs using your auxprop plugins (sasldb), saslauthd
and any others available until one of them authenticates
successfully, or all fail.
If you're using /usr/lib/sasl2/smtpd.conf, then your SMTP server
will use your auxprop plugins (sasldb) to authenticate your
plaintext mechs (PLAIN and LOGIN) and your auxprop mechs (see
pluginviewer). Since you haven't restricted which mechs are
offered, all initialized mechs should get offered to the client.
See the sysadmin doc for more:
http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html
- Dan
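
Added example, not part of Dan's reply and not code from the Cyrus projects: a small shell helper that reads each candidate file and reports the pwcheck_method and mech_list it actually sets, ignoring commented-out lines and accepting the sasl_ prefix used in imapd.conf. The function names, the shortened sample file names and the sample files themselves are constructed for illustration from the settings quoted above; PLAIN and LOGIN are flagged because they carry the password itself and so depend on TLS for protection in transit.

```shell
#!/bin/sh
# Added example (not from the post): report the SASL options each file sets.

# sasl_opt FILE KEY: print KEY's value. Accepts the bare key used in
# sasl2/*.conf and the sasl_-prefixed key used in imapd.conf; commented-out
# lines are skipped. Taking the last match for a repeated key is an assumption.
sasl_opt() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*\(sasl_\)\{0,1\}'"$2"'[[:space:]]*:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# plaintext_mechs FILE: mechanisms in mech_list that send the password itself.
plaintext_mechs() {
    sasl_opt "$1" mech_list | tr ', ' '\n\n' | tr '[:lower:]' '[:upper:]' |
        { grep -Ex 'PLAIN|LOGIN' || true; } | paste -sd' ' -
}

# sasl_summary FILE: one line per file; an unset mech_list restricts nothing.
sasl_summary() {
    m=$(sasl_opt "$1" pwcheck_method)
    l=$(sasl_opt "$1" mech_list)
    p=$(plaintext_mechs "$1")
    [ -n "$l" ] || p='not restricted'
    printf '%s: pwcheck_method=%s mech_list=%s plaintext=%s\n' \
        "${1##*/}" "${m:-<unset>}" "${l:-<unset>}" "${p:-none}"
}

# Constructed sample files reproducing the settings quoted in the post.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'sasl_pwcheck_method: auxprop\nsasl_mech_list: PLAIN, CRAM-MD5\n' > "$demo/imapd.conf"
printf 'pwcheck_method: saslauthd\n' > "$demo/lib-smtpd.conf"
printf '#pwcheck_method: saslauthd\nmech_list: plain login\n' > "$demo/lib64-smtpd.conf"

for f in "$demo"/*.conf; do sasl_summary "$f"; done
```

On a live system, call sasl_summary with the real paths from the post, such as /etc/imapd.conf or /usr/lib64/sasl2/smtpd.conf, instead of the sample directory.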