Subject: Re: working config for sasl + authdaemon
To: None <cyrus-sasl@lists.andrew.cmu.edu>
From: None <othyro@freeshell.org>
List: tech-pkg
Date: 06/11/2004 22:41:39

> Wrong, saslauth does plaintext authentication which can *only* use the
> local Unix database.

Correct. Err..sorry about that; I'm not sure what I was thinking when I wrote that...

In /etc/rc.conf:

saslauthd=YES
saslauthd_flags="-a getpwent -O /var/spool/postfix/usr/pkg/lib/sasl2/smtpd.conf -m /var/spool/postfix/var/run/saslauthd"	# Cyrus Sasl Daemon

In /etc/rc.conf.d/authdaemond:

pidfile="/var/spool/postfix/var/authdaemon/pid"

In /usr/pkg/lib/sasl2/{smtp,smtpf}.conf and ~postfix/usr/pkg/lib/sasl2/sm*:

mech_list: plain digest-md5 cram-md5
log_level: 5
pwcheck_method: saslauthd
#authdaemond_plugin: digest-md5 cram-md5
#auxprop_plugin: authdaemond saslauthd plain digest-md5 cram-md5
#authdaemond_path: /var/spool/postfix/var/run/authdaemon/socket
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
#auxprop_plugin: LOGIN PLAIN
#srp_mda: rmd160

Not sure if some of those options work. Obviously playing around with a lot of stuff to get something to work...

The stuff in postfix's main.cf and master.cf is okay, so I'm not posting it...

I'll post courier config if requested.

Thanks for posting your config, Richard. I am trying to get plaintext logins as well as cram-md5 and digest-md5 login mechanisms to work over a TLS/SSL stream with postfix, authdaemond, and saslauthd all running in /var/spool/postfix. Your config wouldn't work for me, possibly due to my misconfiguration, in the chroot cage. I think it's important that a working config be achieved to illustrate this concept. authdaemond appealed to me, because I've actually got it working without problems, in more than one application.

Someone please forward this to the cyrus-sasl list, if it doesn't get there this time.

Thanks so much,

!tr

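Added example, not part of the original message or of any project's code: a small consistency check over the saslauthd flags and the active smtpd.conf options posted above. It confirms that saslauthd_path names the "mux" socket inside the -m directory, and flags shared-secret mechanisms that are offered while saslauthd is the only verifier. The function names and the no-auxprop_plugin heuristic are assumptions of this example.

```python
import shlex

# Mechanisms that need the stored secret rather than a yes/no password check.
SHARED_SECRET_MECHS = {"cram-md5", "digest-md5"}

# Constructed inputs, copied from the settings shown in the message above.
SASLAUTHD_FLAGS = ("-a getpwent -O /var/spool/postfix/usr/pkg/lib/sasl2/smtpd.conf "
                   "-m /var/spool/postfix/var/run/saslauthd")
SMTPD_CONF = """\
mech_list: plain digest-md5 cram-md5
log_level: 5
pwcheck_method: saslauthd
#auxprop_plugin: authdaemond saslauthd plain digest-md5 cram-md5
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
"""

def parse_sasl_conf(text):
    """Return the active 'key: value' options, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def flag_value(flags, name):
    """Return the argument that follows option `name` in a flag string, or None."""
    argv = shlex.split(flags)
    return argv[argv.index(name) + 1] if name in argv[:-1] else None

def audit(flags, conf_text):
    """Hypothetical helper: list inconsistencies between the daemon and client side."""
    opts = parse_sasl_conf(conf_text)
    findings = []
    mux_dir = flag_value(flags, "-m")
    if mux_dir is not None:
        expected = mux_dir.rstrip("/") + "/mux"  # saslauthd creates "mux" in the -m directory
        if opts.get("saslauthd_path") != expected:
            findings.append(f"saslauthd_path should be {expected}")
    # Heuristic (assumption): an explicit auxprop_plugin means a secret store was set up.
    if opts.get("pwcheck_method") == "saslauthd" and "auxprop_plugin" not in opts:
        offered = set(opts.get("mech_list", "").lower().split())
        for mech in sorted(offered & SHARED_SECRET_MECHS):
            findings.append(f"{mech} offered, but saslauthd only verifies plaintext "
                            "passwords and no auxprop_plugin is configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SASLAUTHD_FLAGS, SMTPD_CONF):
        print("WARN:", finding)
```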