Cyrus IMAP and saslauthd

Dan White dwhite at
Sun Sep 14 15:09:05 EDT 2008

Egoitz Aurrekoetxea wrote:
> Hi mates,
> I'm running Cyrus IMAP without saslauthd with cyrus-sasl library at 
> this moment and integrated with Postfix. The OS I'm running is 
> FreeBSD... it has taken me sometime to set up this testing server... I 
> have tried several times to set cyrus imap auth against saslauthd... I 
> can't get my goal so now have had to switch to auxprop with mysql... 
> but this IMHO has a little disadvantage... with saslauthd and X number 
> of procceses forked you have like a "pool" of connections (what in 
> postfix config is called proxy daemon too) but without saslauthd and 
> with bulk connections to database through auxprop perhaps you could 
> cause DOS to you're mysql server if you receive a dictionarie attack 
> for example... I have read that it's possible to set saslauthd with 
> mysql BUT without crypted passwords on database... that wouldn't mind 
> me... could you please advise some howto or doc please? All doc I 
> found is for being set up with crypted passwords and through pam... 
> but this has run me into some troubles in freebsd... because I think 
> pam-mysql doesn't work quite nice on freebsd... so could you please 
> advise me some doc or howto setup cyrus imap and postfix auth through 
> saslauthd? I think it's a concept problem because I don't understand 
> quite well how saslauth works and will config file reads and so...

See the man page for saslauthd for available saslauthd backend mechanisms.

Other than PAM, you may be able to use nss-mysql along with the getpwent 
or shadow backends.

saslauthd is also documented in 'doc/sysadmin.html' in the sasl source.

- Dan

More information about the Info-cyrus mailing list