Please - correct me if I'm wrong - auxprop sasldb versus saslauthd sasldb

Dan White dwhite at olp.net
Mon Aug 25 19:09:40 EDT 2008


Sascha Vogt wrote:
> Dan White schrieb:
>> Sascha Vogt wrote:
>>> Hi List!
>>>
>>> Should those two /usr/lib/sasl2/Sendmail.conf files do the same or not?
>>>
>>> -------------------Sendmail.conf variant 1-----------------------------
>>> pwcheck_method: saslauthd
>>> mech_list: login plain
>>> -------------------------------------------------------------------------------- 
>>>
>>> Together with that, saslauthd ist started with "-a sasldb".
>>>
>>> ------------------Sendmail.conf variant 2------------------------------
>>> pw_check_method: auxprop
>>> auxprop_plugin: sasldb
>>> mech_list: login plain
>>> -------------------------------------------------------------------------------- 
>>>
>>> With that, saslauthd can stay asleep.
>>>
>>
>> Sascha,
>>
>> You've got a typo in the second config. 'pw_check_method' is wrong.
> Hi Dan!
>
> Thanks for the hint, but this was just a typo in my message. It was 
> late and all I want to know is - should both configurations (without 
> typos) do basicly the same, or not?
>

I have not configured saslauthd in the way that you are testing, but I 
believe that the two should function in a similar way.

> To clear things up. The original target was and is a setup with 
> sendmail offering optional SSL and TLS. Plain, login, cram-md5 and 
> digest-md5 as auth-mechs, all against (cleartext) credentials in 
> OpenLDAP via auxprop and ldapdb. I got OpenLDAP working with sshd  via 
> PAM (actually using saslauthd). But couldn't get sendmail to do it's 
> job. So I tried

I have a similar working setup using Postfix/ldapdb. I would trouble 
shoot this as Sendmail specific, unless you have another daemon set up 
using ldapdb to test with. You can try increasing your log_level:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/~checkout~/src/sasl/doc/options.html?rev=1.32;content-type=text%2Fhtml

I agree that there could be better debugging information available.

smtptest, which is part of the cyrus-clients-2.x Debian package, is a 
good resource for trouble shooting SMTP setups.

- Dan


More information about the Cyrus-sasl mailing list