Using saslauthd ...
Igor Brezac
igor at ipass.net
Thu May 19 17:44:19 EDT 2005
On Thu, 19 May 2005, Marc G. Fournier wrote:
>
> I'd like to set up saslauthd to act as an authentication "proxy", but not sure
> how (pointers to docs on this much appreciated) ...
>
> Basically, I have n "machines", and want to set up a central database of
> userid/passwds that each will refer to ... I don't want each machine to have
> the ability to view the database, only authenticate against it ...
>
> The saslauthd would be on the central server itself, stored in a Pg database,
> vs sasldb2 ...
>
> First step is to have saslauthd talk to the database .. the man page refers
> to:
>
> /usr/local/etc/saslauthd.conf
> The default configuration file for ldap support.
>
Read the bottom part of the man page: ;)

    ldap (All platforms that support OpenLDAP 2.0 or higher)
        Authenticate against an ldap server. The ldap configuration
        parameters are read from /usr/local/etc/saslauthd.conf. The
        location of this file can be changed with the -O parameter.
        See the LDAP_SASLAUTHD file included with the distribution for
        the list of available parameters.

> but I can find no docs on this ... does this just contain similar directives
> to what I'd do to have cyrus itself talk directly to the database?
>
> auxprop_plugin: pgsql
> sasl_sql_engine: pgsql
> sasl_sql_database: mail
> sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u' and
> domain_name = '%r'
> sasl_sql_verbose: yes
> sasl_sql_user: mail
> sasl_sql_passwd: password
> sasl_sql_hostnames: remotehost
>
> Or is there something different I'd need to set up for this?
>
> How about for cyrus/postfix themselves to talk to the saslauthd on a
> different server?

You need to change the code, saslauthd and libsasl2.
--
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html