Re: How to configure Cyrus/SASL

dino.swanwick@xxxxxxxxxxxx wrote:
/etc/imapd.conf
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN, CRAM-MD5

/etc/imapd-local.conf
sasl_pwcheck_method: auxprop

/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

/usr/lib64/sasl2/smtpd.conf
#pwcheck_method: saslauthd
mech_list: plain login

My questions are:
1) What is the difference between imapd.conf and imapd-local.conf?  How
do I know which one I am using?
2) What is the difference between /usr/lib/sasl2/smtpd.conf and
/usr/lib64/sasl2/smtpd.conf?  How do I know which one I am using?
3) I'm confused...am I currently using auxprop or saslauthd?  How can I
tell?  What is the difference?

Dino,

Cyrus IMAP services typically use /etc/imapd.conf for configuration. That config file handles the configuration for services like imapd, pop3d, timsieved, etc.

I'm not familiar with any Cyrus services which use /etc/imapd-local.conf. I would examine your startup scripts, such as /etc/init.d/cyrus*, for any reference to that file.

The location of the SASL configuration for other services, such as your SMTP server, can be in one of several locations, depending on how the SASL libraries were compiled, and how Postfix was compiled.

If you can find out what configure options your SASL libraries were compiled with, the --with-configdir option will tell you what the default location(s) are.

Also, Postfix can define a default location for its SASL configuration rather than (or in addition to?) the defaults. For instance, Postfix looks in /etc/postfix/sasl/ on my system for SASL configuration.

strings `which pluginviewer` | grep sasl2

may give you some hints about where the SASL libraries are looking for plugins and configs.

With the configuration you have specified above, your Cyrus IMAPd services will use your auxprop plugin(s) to authenticate both your PLAIN and CRAM-MD5 mechs.

Your SMTP server, if using the /usr/lib64/sasl2/smtpd.conf file, will use all available pwcheck_methods, I believe, since you haven't specified it. So it would try to authenticate your PLAIN and LOGIN mechs using your auxprop plugins (sasldb), saslauthd and any others available until one of them authenticates successfully, or all fail.

If you're using /usr/lib/sasl2/smtpd.conf, then your SMTP server will use your auxprop plugins (sasldb) to authenticate your plaintext mechs (PLAIN and LOGIN) and your auxprop mechs (see pluginviewer). Since you haven't restricted which mechs are offered, all initialized mechs should get offered to the client.

See the sysadmin doc for more:

http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html

- Dan
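
Added example (not part of the message above, and not Cyrus project code): a small shell helper that reads each candidate config file and reports the active pwcheck_method and mech_list, skipping commented-out lines such as the one in /usr/lib64/sasl2/smtpd.conf. The function names sasl_opt and sasl_report are hypothetical, and the demo files are constructed copies of the settings quoted in the question.

```shell
#!/bin/sh
# Added example; the demo files are constructed copies of the configs
# quoted in the thread, not the real system files.

# sasl_opt FILE KEY: print the active value(s) of a SASL option in FILE.
# Commented-out lines are ignored. A leading "sasl_" on the key is stripped,
# because imapd.conf passes SASL options to the library with that prefix.
sasl_opt() {
    file=$1 key=$2
    [ -r "$file" ] || { echo "(unreadable)"; return 0; }
    val=$(awk -v k="$key" '
        /^[ \t]*#/ { next }                 # "#pwcheck_method: ..." is inactive
        {
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            sub(/^sasl_/, "", name)
            if (name != k) next
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            # Keep every active occurrence so duplicate settings stay visible.
            found = (found == "" ? v : found "; " v)
        }
        END { if (found != "") print found }' "$file")
    echo "${val:-(not set)}"
}

# sasl_report FILE...: show the password verifier and mechanisms per file.
sasl_report() {
    for f in "$@"; do
        printf '%s\n  pwcheck_method: %s\n  mech_list:      %s\n' "$f" \
            "$(sasl_opt "$f" pwcheck_method)" "$(sasl_opt "$f" mech_list)"
    done
}

# Demo on constructed copies of the files from the question.
demo=$(mktemp -d)
printf 'sasl_pwcheck_method: auxprop\nsasl_mech_list: PLAIN, CRAM-MD5\n' > "$demo/imapd.conf"
printf 'pwcheck_method: saslauthd\n' > "$demo/lib-smtpd.conf"
printf '#pwcheck_method: saslauthd\nmech_list: plain login\n' > "$demo/lib64-smtpd.conf"
sasl_report "$demo"/*.conf
rm -rf "$demo"
```

On a real host, call sasl_report with the actual paths (for example /etc/imapd.conf and both smtpd.conf files). It shows what each file would configure, not which file the daemon actually loads.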
