Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

Dan White dwhite at olp.net
Fri Mar 7 12:01:38 EST 2014


On 03/07/14 17:13 +0100, Andrey wrote:
>Hi everyone,
>
>I am stuck. I would like to use virtual domains and emails in my test environment.
>
>I have 2 domains. The users from the default domain I can authenticate via sasl and pam without problem. I use in my mail software credentials like user password.
>Now I don’t want to use the pam mechanism, but sasldb. See hereunder my configs:
>
>/etc/default/saslauthd
>
>START=yes
>MECHANISMS="sasldb"
>MECH_OPTIONS=""
>THREADS=5

saslauthd, with default compile options, does not contain support for
sasldb. It is recommended to use the sasldb auxprop plugin in this scenario
rather than saslauthd. Configure /etc/imapd.conf with:

sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: auxprop

>#chroot Postfix
>OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
>
>/etc/postfix/main.cf
>#only sasl/virtual related config info!
>mydomain = domain.tld
>myhostname = mail.domain.tld
>mydestination = mail.domain.tld, domain.tld, localhost.domain.tld, localhost
>
>mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

Configure your postfix smtpd.conf with:

auxprop_plugin: sasldb
pwcheck_method: auxprop

The sasldb database is typically contained in /etc, and not underneath
the Postfix chroot. Either disable chrooting of smtpd in
/etc/postfix/master.cf, or configure an appropriate 'sasl_sasldb_path' in
/etc/imapd.conf, and a 'sasldb_path' in your postfix smtpd.conf file. If
you continue to chroot postfix, you will also need to specify the location
of the sasldb database with 'saslpasswd2 -f <path>'.

>/etc/imapd.conf
>#only sasl/virtual related config info!
>allowplaintext: yes
>sasl_mech_list: PLAIN
>loginrealms: domain.tld,domain2.tld
>virtdomains: userid
>defaultdomain: domain.tld
>sasl_pwcheck_method: saslauthd
>sasl_auto_transition: no
>
>
>Then I did following steps:
>saslpasswd2 -u domain.tld info
>testsaslauthd -u info -r domain.tld -p Pa77w0rd
>0: OK "Success."
>testsaslauthd -u info@domain.tld -p Pa77w0rd
>0: NO "authentication failed"

With saslauthd, you may wish to experiment with the '-r' option
(/etc/default/saslauthd OPTIONS).

-- 
Dan White
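
A small consistency check for the settings discussed in the reply above, as an added example that is not part of the original message or of the Cyrus or Postfix projects. It assumes that '-' in the master.cf chroot column means chrooted (the default before Postfix 3.0), that a chrooted smtpd resolves 'sasldb_path' inside /var/spool/postfix, and the sample file contents and the /etc/sasldb2 file name are constructed.

```python
import posixpath

def parse_conf(text):
    """Parse 'key: value' lines as used by imapd.conf and the SASL smtpd.conf."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def smtpd_chrooted(master_cf):
    """True if an smtpd service in master.cf runs chrooted.
    Assumption: '-' in the chroot column means 'y' (the default before Postfix 3.0)."""
    for line in master_cf.splitlines():
        f = line.split()
        # Service lines start in column 1; fields: name type private unpriv chroot ...
        if line[:1] not in ("", "#", " ", "\t") and len(f) >= 8 and f[7] == "smtpd":
            if f[4] in ("y", "-"):
                return True
    return False

def check(imapd_conf, smtpd_conf, master_cf, chroot_dir="/var/spool/postfix"):
    """Return a list of findings; an empty list means the reply's advice is followed."""
    imapd, smtpd = parse_conf(imapd_conf), parse_conf(smtpd_conf)
    findings = []
    for name, opts, prefix in (("imapd.conf", imapd, "sasl_"), ("smtpd.conf", smtpd, "")):
        for key, want in (("pwcheck_method", "auxprop"), ("auxprop_plugin", "sasldb")):
            if opts.get(prefix + key) != want:
                findings.append(f"{name}: {prefix}{key} should be {want}")
    if smtpd_chrooted(master_cf):
        inner, outer = smtpd.get("sasldb_path"), imapd.get("sasl_sasldb_path")
        if not inner or not outer:
            findings.append("smtpd is chrooted: set sasldb_path and sasl_sasldb_path")
        # Assumption: smtpd resolves sasldb_path inside the chroot, imapd outside it.
        elif posixpath.normpath(chroot_dir + "/" + inner) != posixpath.normpath(outer):
            findings.append("sasldb_path and sasl_sasldb_path name different files")
    return findings

# Constructed sample input: the poster's settings, then settings following the reply.
MASTER_CHROOT = "smtp      inet  n       -       -       -       -       smtpd\n"
IMAPD_BEFORE = "sasl_mech_list: PLAIN\nsasl_pwcheck_method: saslauthd\n"
IMAPD_AFTER = ("sasl_pwcheck_method: auxprop\nsasl_auxprop_plugin: sasldb\n"
               "sasl_sasldb_path: /var/spool/postfix/etc/sasldb2\n")
SMTPD_AFTER = "pwcheck_method: auxprop\nauxprop_plugin: sasldb\nsasldb_path: /etc/sasldb2\n"

if __name__ == "__main__":
    print(check(IMAPD_BEFORE, "", MASTER_CHROOT))
    print(check(IMAPD_AFTER, SMTPD_AFTER, MASTER_CHROOT))
```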