saslauthd vs auxprop
Adam Tauno Williams
awilliam at whitemice.org
Mon Jan 10 06:58:29 EST 2011
On Sun, 2011-01-09 at 23:38 -0800, Andrew Morgan wrote:
> On Sun, 9 Jan 2011, jonr at destar.net wrote:
> > I cannot wrap my mind around saslauthd and auxprop.
> > Does auxprop use the sasldb file to authenticate users that have been
> > added using the 'saslpasswd2' command?
> > What is saslauthd trying to use for authentication, would it be the
> > mechs shown in a 'saslauthd -v' output?
> > What does changing the value in the Sendmail.conf file from saslauthd
> > to auxprop or vice versa doing?
> > Running a ps I see that saslauthd is using the shadow mech:
> > /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
> > But I have no users in the shadow file other than cyrus and my users
> > for my mail server are in the sasldb file?
> > I have read the documentation on the cyrus site, the man pages and
> > searched the mailing list but I still cannot grasp what seems to be a
> > simple concept.
> > Can someone shed some light or at least point me in the right direction?
> Hopefully I get this right! There are basically 2 high-level choices to
> make: saslauthd or auxprop. saslauthd is an external daemon process that
> your program communicates with via a unix socket. auxprop uses C library
> modules that are loaded by libsasl into your program.
> saslauthd support a few different authentication mechanisms. The most
> popular are PAM and passwd/shadow.
The most important part here is that saslauthd [much like PAM] can only
provide chat-expect authentication mechanisms - like LOGIN and PLAIN.
So, in short, only insecure authentication mechanisms.
> Auxprop is usually used for sasldb, but I think there are several
> different modules that can be used. I'm fuzzy on auxprop so maybe someone
> else can fill in more detail here.
auxprop is used to implement 'real' SASL mechanisms [Kerberos, digest,
otp, etcc...] The purpose is to tie external servers [your MTA, DSA,
etc...] into the SASL framework.
More information about the Info-cyrus