tech-pkg: Re: working config for sasl + authdaemon

Subject: Re: working config for sasl + authdaemon
To: None <tech-pkg@netbsd.org>
From: Richard Braun <syn@sceen.net>
List: tech-pkg
Date: 06/04/2004 11:00:39
--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 04, 2004 at 02:36:31AM -0400, othyro@freeshell.org wrote:
> Hi,
>=20
> I've reviewed the list and just about everything on the net concerning sa=
sl + anything for almost a year now in my spare time. I have not found any =
configuration that does what I want to do. I have postfix running in a chro=
ot cage (and I have no desire to change that), authdaemond in /var/spool/po=
stfix/var/run/authdaemon/socket, and also saslauthd in /var/spool/postfix/v=
ar/run/saslauthd/mux. I have heard that saslauthd can only do plaintext log=
ins and cannot authenticate against /etc/passwd. I am very grateful that Co=
urier's authdaemond support was written into cyrus-sasl.

Wrong, saslauth does plaintext authentication which can *only* use the
local Unix databse.

>=20
> The system is NetBSD/alpha 1.6.2. I was hoping someone could post a worki=
ng config (smtpd.conf) of authdaemond + sasl. I have smtps, imaps, and pop3=
s running as well. I'll post any config file desired, although I've tested =
many configurations and got all the errors I've ever found on the web.

I don't chroot anything so you may have some additional work but here
is the configuration I use :

/usr/pkg/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain

/usr/pkg/etc/postfix/main.cf:
=2E..
smtpd_sasl_auth_enable =3D yes
smtpd_recipient_restrictions =3D permit_mynetworks permit_sasl_authenticated
                               reject_unauth_destination
=2E..

/etc/rc.conf:
=2E..
saslauthd=3D"YES" saslauthd_flags=3D"-a getpwent"
=2E..

>=20
> Thanks very much,
>=20
> --tr

You're welcome. I hope it'll work for you too :-).

--=20
Richard Braun

--2oS5YaxWCcQjTEyO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFAwDo3BlWsEPLYRi8RAh+zAJ4y4+va+iasH5flwYQtTh0ritFg4wCfRbVM
gkOlXhXSapCHrFBjX7bxrO8=
=7P6I
-----END PGP SIGNATURE-----

--2oS5YaxWCcQjTEyO--