New 2.4.10 install - authentication problems with saslauthd

[Dan White]

On 06/08/11 11:44 +0100, John wrote:
>On 05/08/11 22:32, Dan White wrote:
>>Does your cyrus user have permissions to access the saslauthd mux?
>>
>>Try running your testsaslauthd command as your cyrus user... I'm assuming
>>that during testing you were using root, or another account.
>>
>Aha! Thank you so much. I had checked the permissions on 
>/var/run/saslauthd/mux and they were 777 and also the directory 
>/var/run/saslauthd which had 766. . I assumed  that these were 
>sufficient but I just changed the directory also to 777 and all works 
>well.
>
>However I am not sure 777 is the right way to sort the problem. I've 
>looked in the sasl documentation and can find nothing at all 
>regarding the entitlements of /var/run/saslauthd. Is there any 
>guidance on how the entitlement should be given? I would have 
>expected to need some kind of group entitlement to be giveen to sasl 
>users? Or is 777 ok?
>
>At least it's now working so I appreciate your help with that.

A common approach is to have 777 on your mux, and then 710 on your
/var/run/saslauthd, with ownership of 'root:sasl'. Add any users who need
access to the saslauthd mux to the sasl group.

-- 
Dan White