/Main_Page

::You must have ninja focus to complete your mission::NinjaFocus::

Email Server/saslauthd

Views:

Part of the Email Server documentation

Introduction

This page describes installing Cyrus SASL2 and its authentication daemon, saslauthd for use with postfix and pam_mysql.

Installing

Cyrys SASL2 is included in a lot of distros, I think. On CentOS5 you just need to install it through yum: 

# yum install cyrus-sasl
# yum install cyrus-sasl-lib
# yum install cyrus-sasl-md5
# yum install cyrus-sasl-devel

If you need to install it from source, then you can get it from http://asg.web.cmu.edu/sasl/sasl-library.html

Configuration

Once you have installed the software, you'll probably want to get pam_mysql up and running before you come back here and configure and start the software.

There are two configuration files we need to set up for saslauthd, one controls the authentication mechanisms available and the other controls launching the daemon and what backend technology it will use.

To configure smtp authentication you need to edit /usr/lib/sasl2/smtpd.conf (if you installed from source this will probably be /usr/local/lib/sasl2/smtpd.conf) 

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5

The log level sets the logging verbosity, you will need to check your syslog settings but you'll probably see the messages in /var/log/secure. Level 5 is pretty verbose so you'll want to turn that down once you're happy every thing is working OK.

The mech list sets which authentication mechanisms clients (email clients) will be able to use. If you've chosen to keep clear text passwords in the database and have configured pam_mysql appropriately, then you could set this to CRAM-MD5.


To set the saslauthd backend to pam, you need to set an environment variable before the daemon is launched. On Centos you can edit /etc/sysconfig/saslauthd: 

# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS="-r"

If you've on another distro or you installed from source, then you might not have that file. You could edit the init script for salsauthd to export the environment variable.


To make sure that the authentication daemon is always running issue a: 

# chkconfig saslauthd on
Retrieved from "http://wiki.ninjafocus.net/Email_Server/saslauthd"

Main Menu

Personal tools

Toolbox