[CentOS] saslauthd

Wed Aug 26 14:03:02 UTC 2009
Alexander Dalloz <ad+lists at uni-x.org>

> Hi,
> Alexander Dalloz wrote:

[ ... ]

>> You are mixing things. saslauthd and sasldb are exclusive: either use one
>> or the other (at least on CentOS).
>
> ok - I think we're coming closer to the point.
> It will certainly be sasldb2, because I have an old machine with SMTP AUTH
> users who are contained in /etc/sasldb2
> I want to transfer these users to the new machine without them having to
> assign new passwords.
> Given the scenario that I copy the old /etc/sasldb2 to the new machine,
> how could postfix there authenticate these SMTP AUTH users?

That is pretty easy.

First you will have to configure Postfix through main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mail.example.com <-- this sets the realm[1]
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

[1] With saslpasswd2 this is "-u DOM", which, if not specified, defaults to
the hostname.
For your existing sasldb2 BDB you can use "sasldblistusers2" to list the
usernames.

At a proper place in smtpd_*_restrictions define "permit_sasl_authenticated".

Next you have to make the link between Postfix and Cyrus-SASL in
/usr/lib{64}/sasl2/smtpd.conf:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: login plain cram-md5 digest-md5  <- adjust to your needs

You are done.

>> On CentOS sasldb can only be used as a plugin by the auxprop mechanism. You
>> will have to decide on one way to store your credentials.
>
> see above - the decision is already taken by the fact of the migration.

I understand.

> Regards
> Michael

Hope this helps. If questions or trouble remain, feel free to ask.

Best regards

Alexander
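
The message above ties the realm of each sasldb2 entry (saslpasswd2 "-u DOM", the hostname by default) to smtpd_sasl_local_domain, so a copied /etc/sasldb2 may hold entries under the old machine's realm. The following check is an added example, not part of the original post: the function name and the sample listing are constructed for illustration, and it assumes the "user@realm: userPassword" line format printed by sasldblistusers2.

```shell
#!/bin/sh
# Added example: find sasldb2 entries whose realm differs from the realm
# Postfix is configured with (smtpd_sasl_local_domain in main.cf).

# realm_mismatches LISTING REALM
#   LISTING  text in the "user@realm: userPassword" format printed by
#            sasldblistusers2
#   REALM    the value of smtpd_sasl_local_domain
# Prints one user@realm per line for every entry stored under another realm.
realm_mismatches() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[^:]+@[^:]+:/ {
            id = $1
            sub(/:$/, "", id)        # drop the trailing colon
            realm = id
            sub(/^.*@/, "", realm)   # keep only the part after the last @
            if (realm != want) print id
        }'
}

# Constructed sample listing (not taken from a real system): two users were
# created with the realm the new server uses, one under the old hostname.
SAMPLE_LISTING='alice@mail.example.com: userPassword
bob@oldhost.example.com: userPassword
carol@mail.example.com: userPassword'

echo "Entries that will not match realm mail.example.com:"
realm_mismatches "$SAMPLE_LISTING" "mail.example.com"

# On the new machine, as root, the same check against the live data would be:
#   realm_mismatches "$(sasldblistusers2 -f /etc/sasldb2)" \
#                    "$(postconf -h smtpd_sasl_local_domain)"
```

Any entry it prints is stored under a realm other than the one set in main.cf.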