Athentication problem

Dan White dwhite at olp.net
Wed Jul 16 12:55:20 EDT 2008


Stephen Liu wrote:
>> Do you explicitly want to support specific SASL mechanisms 
>> (PLAIN, DIGEST-MD5...)?
> Sorry I don't follow.  Please explain in more detail.  Thanks

It looks like you have specified PLAIN as your only mechanism 
within imapd.conf, and I'm guessing you have 'allowplaintext: 
yes' set as well.

LOGIN is more typical within SMTP connections, so I would add it. 
I'm not aware of any equivalent 'allowplaintext' option within 
Postfix. I don't think you need one.

>> Do you intend to authenticate users like you're currently 
>> authenticating them with cyrus pop3? 
> 
> 
> I don't stick on the method of authentication.  But I do expect that
> the authentication will be same on all mail application.
> 
> 
>> If so, what do your sasl_* 
>> config options look like in /etc/imapd.conf?
> 
> 
> $ grep sasl_* /etc/imapd.conf
> sasl_mech_list: PLAIN
> sasl_pwcheck_method: saslauthd
> sasl_auto_transition: no
> sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

You will also need to create a SASL config file for Postfix which 
matches this configuration, to get similar authentication 
functionality. Typically, you'd create the file 
'/etc/postfix/sasl/smtpd.conf' and put these lines into it (I 
would add LOGIN):

mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
auto_transition: no
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

however, if you are running your postfix chrooted, which appears 
to be the case, then you'll want to change that last line to:

saslauthd_path: /var/run/saslauthd/mux

- Dan


More information about the Cyrus-sasl mailing list