Subject: Re: working config for sasl + authdaemon
To: None <>
From: Richard Braun <>
List: tech-pkg
Date: 06/04/2004 11:00:39
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 04, 2004 at 02:36:31AM -0400, wrote:
> Hi,
> I've reviewed the list and just about everything on the net concerning sa=
sl + anything for almost a year now in my spare time. I have not found any =
configuration that does what I want to do. I have postfix running in a chro=
ot cage (and I have no desire to change that), authdaemond in /var/spool/po=
stfix/var/run/authdaemon/socket, and also saslauthd in /var/spool/postfix/v=
ar/run/saslauthd/mux. I have heard that saslauthd can only do plaintext log=
ins and cannot authenticate against /etc/passwd. I am very grateful that Co=
urier's authdaemond support was written into cyrus-sasl.

Wrong, saslauth does plaintext authentication which can *only* use the
local Unix databse.

> The system is NetBSD/alpha 1.6.2. I was hoping someone could post a worki=
ng config (smtpd.conf) of authdaemond + sasl. I have smtps, imaps, and pop3=
s running as well. I'll post any config file desired, although I've tested =
many configurations and got all the errors I've ever found on the web.

I don't chroot anything so you may have some additional work but here
is the configuration I use :

pwcheck_method: saslauthd
mech_list: plain

smtpd_sasl_auth_enable =3D yes
smtpd_recipient_restrictions =3D permit_mynetworks permit_sasl_authenticated

saslauthd=3D"YES" saslauthd_flags=3D"-a getpwent"

> Thanks very much,
> --tr

You're welcome. I hope it'll work for you too :-).

Richard Braun

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.4 (NetBSD)