Q about saslauthd
jan parcel
jan.parcel at oracle.com
Wed Jun 27 15:11:39 EDT 2018
From the 2.1.27 docs:
https://www.cyrusimap.org/sasl/sasl/pwcheck.html#saslauthd
> *What is saslauthd?*saslauthd is a daemon which validates
>
> |ldap_servers|-|ldap://localhost|
>
I always thought that saslauthd was for a whole lot of things. For
instance, "-a shadow" goes through getspnam and/or getuserpw, which can
go through naming services whatever they are, at least on Solaris.
So are the rest of the mechs listed below deprecated? OR....what?
libsasl2 is supposedly the best way to get mail programs hooked up with
authentication for spam prevention, and we have a policy against
plaintext passwords, so I was hoping to provide a saslauthd service that
could be used by customers to hook up sasl to naming services.
The 2.1.26 man page says:
NAME
saslauthd - sasl authentication server
SYNOPSIS
saslauthd -a authmech [-Tvdchlr] [-O option] [-m mux_path] [-n
threads]
[-s size] [-t timeout]
AUTHENTICATION MECHANISMS
saslauthd supports one or more "authentication mechanisms", dependent
upon the facilities provided by the underlying operating system. The
mechanism is selected by the -a flag from the following list of
choices:
dce (AIX)
getpwent (All platforms)
kerberos4 (All platforms)
kerberos5 (All platforms)
pam (Linux, Solaris)
rimap (All platforms)
shadow (AIX, Irix, Linux, Solaris)
sasldb (All platforms)
ldap (All platforms that support OpenLDAP 2.0 or higher)
sia (Digital UNIX)
--
Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180627/5266e7ca/attachment.html>
More information about the Cyrus-sasl
mailing list