Hi, Alexander Dalloz wrote:
[ ... ]
You are mixing things. saslauthd and sasldb are exclusive: either use one or the other (at least on CentOS).
ok - I think we're coming closer to the point. It will certainly be sasldb2, because I have an old machine with SMTP AUTH users who are contained in /etc/sasldb2 I want to transfer these users to the new machine without having them to assign new passwords. Given the scenario that I copy the old /etc/sasldb2 to the new machine, how could postfix there authenticate these SMTP AUTH users?
That is pretty easy.
First you will have to configure Postfix through main.cf:
smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mail.example.com <-- this sets the realm[1] broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous
[1] Using saslpasswd2 it is "-u DOM", which is if not specified by default the hostname. For your existing sasldb2 BDB you can use "sasldblistusers2" to list the usernames.
At a proper place in smtpd_*_restrictions define "permit_sasl_authenticated".
Next you have to make the link between Postfix and Cyrus-SASL in /usr/lib{64}/sasl2/smtpd.conf:
pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: login plain cram-md5 digest-md5 <- adjust to your needs
You are done.
On CentOS sasldb can only be used as a plugin by auxprop mechanism. You will have to decided for one way to store your credentials.
see above - the decision is already taken by the fact of the migration.
I understand.
Regards Michael
Hope this helps. If questions or trouble remain, feel free to ask.
Best regards
Alexander