Using saslauthd ...

Igor Brezac igor at
Thu May 19 17:44:19 EDT 2005

On Thu, 19 May 2005, Marc G. Fournier wrote:

> I'd like to setup saslauthd to act as an authentication "proxy", but not sure 
> how (pointers to docs on this much appreciated) ...
> Basically, I have n "machines", and want to sent up a central database of 
> userid/passwds that each will refer to ... I don't want each machine to have 
> the ability to view the database, only authenticate against it ...
> The saslauthd would be on the central server itself, stored in a Pg database, 
> vs sasldb2 ...
> First step is to have saslauthd talk to the database .. the man page refers 
> to:
>     /usr/local/etc/saslauthd.conf
>                             The default configuration file for ldap support.

Read the bottom part of the man page:  ;)

      ldap       (All platforms that support OpenLDAP 2.0 or higher)

                 Authenticate against an ldap server.  The ldap configuration
                 parameters are read from /usr/local/etc/saslauthd.conf.  The
                 location of this file can be changed with the -O parameter.
                 See the LDAP_SASLAUTHD file included with the distribution for
                 the list of available parameters.

> but I can find no docs on this ... does this just contain similar directives 
> to what I'd do to have cyrus itself talk directly to the database?
> auxprop_plugin: pgsql
> sasl_sql_engine: pgsql
> sasl_sql_database: mail
> sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u' and 
> domain_name = '%r'
> sasl_sql_verbose: yes
> sasl_sql_user: mail
> sasl_sql_passwd: password
> sasl_sql_hostnames: remotehost
> Or is there something different I'd need to setup for this?
> How about for cyrus/postfix themselves to talk to the saslauthd on a 
> different server?

You need to change the code, saslauthd and libsasl2.

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list