On Wed, Jun 26, 2024 at 04:29:53PM -0400, John Levine via Postfix-users wrote:
> I'm trying to set up a little POP toaster on debian that has a few
> addresses all in virtual domains.
>
> I'm using Cyrus SASL (no Dovecot allowed for reasons)

That's unfortunate, b/c often much simpler...

> and to keep it simple, I'm using sasldb authentication. I can set up
> the sasldb with saslpasswd2 but I am stuck getting the Cyrus sasl
> daemon to run. The advice in the Postfix SASL Howto is either out of
> date or for some other flavor of Linux.

The manpage for saslauthd(8) on Fedora includes under the description
authentication mechanisms:

    sasldb     (All platforms)
        Authenticate against the SASL authentication database.  Note
        that this is probably not what you want to use, and is even
        disabled at compile-time by default.  If you want to use
        sasldb with the SASL library, you probably want to use the
        pwcheck_method of "auxprop" along with the sasldb auxprop
        plugin instead.

which suggests that, for this backend, the "sasldb" should be accessed
directly from smtpd(8) via the SASL libraries, rather than via saslauthd.

My users authenticate via a mixture of GSSAPI and non-system passwords,
both mediated by Dovecot, so I don't have a handy Cyrus example.
With dovecot the auth config is basically:

    auth_realms = YOUR.REALM
    auth_mechanisms = gssapi plain
    auth_gssapi_hostname = "$ALL"
    auth_krb5_keytab = /var/spool/keytabs/imap

    service auth {
      unix_listener /var/spool/postfix/private/auth {
        user = postfix
        group = postfix
        mode = 0660
      }
    }

    passdb {
      driver = passwd-file
      args = /etc/dovecot/passwd
    }

The passwd (shadow) file entries are just:

    <user>:<hash>::::::

--
Viktor.
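
An added example, not part of the original message and not taken from the Postfix or Cyrus projects: one way the auxprop approach that the man page excerpt points to could be configured for Postfix's smtpd. The directory of smtpd.conf, the mechanism list and the TLS policy are assumptions.

```conf
# --- smtpd.conf (Cyrus SASL settings for Postfix's smtpd) ---
# The directory is distribution-specific; /etc/postfix/sasl/ is assumed
# here for Debian.

# Variant that depends on a running saslauthd, which the man page excerpt
# above says is probably not what you want for sasldb:
#pwcheck_method: saslauthd

# Variant where the SASL library inside smtpd(8) reads sasldb directly:
pwcheck_method: auxprop
auxprop_plugin: sasldb
# Assumed mechanism list.
mech_list: PLAIN LOGIN

# --- main.cf (Postfix) ---
smtpd_sasl_auth_enable = yes
# "cyrus" and "smtpd" are the Postfix defaults, shown for clarity;
# smtpd_sasl_path names the smtpd.conf file above (without ".conf").
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
# Assumed policy: offer AUTH only after STARTTLS, since PLAIN and LOGIN
# send the password without protection of their own.
smtpd_tls_auth_only = yes
```

Because no saslauthd is involved, the sasldb file created by saslpasswd2 has to be readable by the account smtpd(8) runs as, and reachable from inside the chroot if smtpd runs chrooted.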