On Sun, 2011-01-09 at 23:38 -0800, Andrew Morgan wrote:
> On Sun, 9 Jan 2011, jonr@xxxxxxxxxx wrote:
> > I cannot wrap my mind around saslauthd and auxprop.
> > Does auxprop use the sasldb file to authenticate users that have been
> > added using the 'saslpasswd2' command?
> > What is saslauthd trying to use for authentication, would it be the
> > mechs shown in a 'saslauthd -v' output?
> > What does changing the value in the Sendmail.conf file from saslauthd
> > to auxprop or vice versa do?
> > Running a ps I see that saslauthd is using the shadow mech:
> > /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
> > But I have no users in the shadow file other than cyrus and my users
> > for my mail server are in the sasldb file?
> > I have read the documentation on the cyrus site, the man pages and
> > searched the mailing list but I still cannot grasp what seems to be a
> > simple concept.
> > Can someone shed some light or at least point me in the right direction?
>
> Hopefully I get this right! There are basically 2 high-level choices to
> make: saslauthd or auxprop. saslauthd is an external daemon process that
> your program communicates with via a unix socket. auxprop uses C library
> modules that are loaded by libsasl into your program.
>
> saslauthd supports a few different authentication mechanisms. The most
> popular are PAM and passwd/shadow.

The most important part here is that saslauthd [much like PAM] can only provide chat-expect authentication mechanisms - like LOGIN and PLAIN. So, in short, only insecure authentication mechanisms.

> Auxprop is usually used for sasldb, but I think there are several
> different modules that can be used. I'm fuzzy on auxprop so maybe someone
> else can fill in more detail here.

auxprop is used to implement 'real' SASL mechanisms [Kerberos, digest, otp, etc...] The purpose is to tie external servers [your MTA, DSA, etc...] into the SASL framework.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
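
The saslauthd/auxprop split described in the message above can be checked mechanically. The following is an added example, not code from the thread or from the Cyrus project: it audits a Cyrus SASL application config such as Sendmail.conf for mechanisms that the chosen pwcheck_method cannot serve. The function names, finding codes and both sample configs are constructed for illustration; the mech_list shown for the saslauthd case is an assumption, since the question does not give one.

```python
# Added example, not from the thread. Sample configs below are constructed.
PLAINTEXT = {"PLAIN", "LOGIN"}               # password itself is sent to the server
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}   # server must read the stored secret

def parse_sasl_conf(text):
    """Parse 'option: value' lines as used in files such as Sendmail.conf."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def audit(text, saslauthd_backend="shadow", tls_enforced=False):
    """Return a sorted list of finding codes (hypothetical names) for one config."""
    conf = parse_sasl_conf(text)
    method = conf.get("pwcheck_method", "auxprop").lower()
    mechs = {m.upper() for m in conf.get("mech_list", "").split()}
    findings = set()
    if method == "saslauthd":
        # saslauthd only verifies a plaintext password, so challenge-response
        # mechanisms advertised next to it cannot succeed.
        if mechs & SHARED_SECRET:
            findings.add("MECH_NEEDS_AUXPROP")
        # Without mech_list every installed mechanism is advertised.
        if not mechs:
            findings.add("MECH_LIST_UNSET")
        # Accounts created with saslpasswd2 live in sasldb; a shadow or PAM
        # backend never looks there.
        if saslauthd_backend != "sasldb":
            findings.add("SASLDB_USERS_IGNORED")
    # PLAIN and LOGIN expose the password unless the transport is encrypted.
    if mechs & PLAINTEXT and not tls_enforced:
        findings.add("PLAINTEXT_WITHOUT_TLS")
    return sorted(findings)

# Constructed configs: a saslauthd setup like the one asked about, and an
# auxprop/sasldb setup that serves the saslpasswd2 users directly.
SASLAUTHD_SETUP = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN DIGEST-MD5\n"
AUXPROP_SETUP = ("pwcheck_method: auxprop\nauxprop_plugin: sasldb\n"
                 "mech_list: DIGEST-MD5 CRAM-MD5\n")

if __name__ == "__main__":
    for name, text in (("saslauthd", SASLAUTHD_SETUP), ("auxprop", AUXPROP_SETUP)):
        print(name, audit(text))
```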