[CentOS] saslauthd
Alexander Dalloz
ad+lists at uni-x.org
Wed Aug 26 14:03:02 UTC 2009
> Hi,
> Alexander Dalloz wrote:
[ ... ]
>> You are mixing things. saslauthd and sasldb are exclusive: either use
>> one
>> or the other (at least on CentOS).
>
> ok - I think we're coming closer to the point.
> It will certainly be sasldb2, because I have an old machine with SMTP AUTH
> users who are contained in /etc/sasldb2
> I want to transfer these users to the new machine without having them to
> assign new passwords.
> Given the scenario that I copy the old /etc/sasldb2 to the new machine,
> how could postfix there authenticate these SMTP AUTH users?
That is pretty easy.
First you will have to configure Postfix through main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mail.example.com <-- this sets the realm[1]
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
[1] Using saslpasswd2 it is "-u DOM", which is if not specified by default
the hostname.
For your existing sasldb2 BDB you can use "sasldblistusers2" to list the
usernames.
At a proper place in smtpd_*_restrictions define "permit_sasl_authenticated".
Next you have to make the link between Postfix and Cyrus-SASL in
/usr/lib{64}/sasl2/smtpd.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: login plain cram-md5 digest-md5 <- adjust to your needs
You are done.
>> On CentOS sasldb can only be used as a plugin by auxprop mechanism. You
>> will have to decided for one way to store your credentials.
>
> see above - the decision is already taken by the fact of the migration.
I understand.
> Regards
> Michael
Hope this helps. If questions or trouble remain, feel free to ask.
Best regards
Alexander
More information about the CentOS
mailing list