Authenticating virtual domain users with saslauthd

Igor Brezac igor at
Thu Jun 23 12:01:57 EDT 2005

On Thu, 23 Jun 2005, Etienne Goyer wrote:

> Hi,
> I would like to authenticate virtual domain users using saslauthd.  I
> want the possibility to have the same username in more than one domain
> (ie etienne at and etienne at  I will probably use LDAP
> as authentication backend, but this remain to be decided.
> Right now, for testing, I have saslauthd configured for PAM with shadow.
> I have a user etienne, and login is successful for any combination of
> etienne at domain.  I suppose saslauthd strip the @domain part, which would

No.  Your application does it, libsasl in particular.  It is actaully not 
stripped; the domain part is passed in as a separate parameter (realm) to 
saslauthd.  shadow auth mechanism does not use the realm parameter.

> break my setup when authenticating user from different domain with the
> same "username" (part before the @).

Start saslauthd -r ...  (Read saslauthd man page for more)

> If I use LDAP, my users would be in different OU.  Ideally, I could tell
> saslauthd to authenticate users from in, etc.
> Is this possible somehow ?


> Peripheric question : which syslog facility do saslauthd is logging to,
> and at what level for authentication success ?


> Thanks for your input.  Please ask for clarification if I am not clear
> enough.
> Etienne Goyer

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list