Making saslauthd fall back on SASLdb?

Scott Balmos sbalmos at
Tue Mar 29 17:26:03 EST 2005

Andreas Hasenack wrote:

>On Tue, Mar 29, 2005 at 03:31:13PM -0500, Scott Balmos wrote:
>>Hi all,
>>I had this problem solved months ago, but that was on a different 
>>system. I'm running imapd using saslauthd as the authentication 
>>mechanism. saslauthd, in turn, is running through PAM, which runs to my 
>>LDAP server, to do all authentication.
>>I was wondering if there was a way to get saslauthd, or imapd (whichever 
>>is the case), to fall back onto checking the local sasldb2 database 
>>(auxprop?). There are a few "system" accounts, like cyrus and some 
>>system-accessible-only manager accounts, that I want to keep out of LDAP.
>Try this in /etc/imapd.conf:
>sasl_pwcheck_method: saslauthd auxprop

Ayup... that did it. Thanks!

I would suggest, to the writers of the example config files, that 
sasl_pwcheck_method's wording be changed to note that you can allow both 
of these options. As it is, and this is where I got hung up, the 
comments sound like it can only be auxprop OR saslauthd, not both.


Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list