Re: [Exim] SASL

Author: Dennis Davis
Date:  
To: Ron McKeating
CC: exim-users
Subject: Re: [Exim] SASL
>From: Ron McKeating <R.J.Mckeating@???>
>To: "Exim-Users (E-mail)" <exim-users@???>
>Subject: [Exim] SASL
>Date: Wed, 22 Oct 2003 16:15:56 +0100


...

>One way round this suggested in the docs is to use pwcheck from the
>Cyrus pwcheck daemon. However when I downloaded it the (sasl) docs
>say
>
> PLAIN uses the saslauthd (preferred and now standard), the pwcheck
>daemon (obsolete), or an auxiliary property plugin (for example,
>sasldb).
>
>So if pwcheck is obsolete should I be going down this route? It is
>a redhat 9 box running the latest version of exim with exiscan. I
>really need to make smtp authentication work but seem to be stuck
>at every turn.


See the file doc/NewStuff. Support for the saslauthd was one of the
changes made for exim-4.21:


25. Exim now has support for Cyrus saslauthd authentication. This works in a
    similar way to Cyrus pwcheck authentication (which is now deprecated). To
    build Exim with saslauthd support, set CYRUS_SASLAUTHD_SOCKET in
    Local/Makefile. This must define the location of the socket that is used to
    communicate with the saslauthd daemon. For example:


      CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux


    The daemon is called by a new expansion condition:


      ${if saslauthd{{user}{password}{service}{realm}}{yes-string}{no-string}}


    Up to four arguments can be supplied, but only two are required (service
    and realm are optional). That is why the arguments are enclosed in a set of
    braces. For details of the meaning of service and realm, and how to run the
    saslauthd daemon, consult the Cyrus documentation.



I've got this up and running on OpenBSD with saslauthd
authenticating against KerberosV. Haven't really tested it though,
although the authentication definitely works. I've a small perl
program which talks to saslauthd via its socket and verifies
usernames/passwords...all fairly simple stuff, but it keeps me
amused...also note that saslauthd comes with its own testsaslauthd
program you can use.
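
A minimal client for the saslauthd socket, similar in purpose to the testsaslauthd program mentioned above. This is an added example, not the Perl program from the message and not Exim or Cyrus code. It assumes the request framing testsaslauthd uses (four fields, each a 16-bit big-endian length followed by the bytes) and a default service name of "smtp"; the socket path is the one from the NewStuff excerpt.

```python
import socket
import struct

MAX_FIELD = 0xFFFF  # each field length travels as an unsigned 16-bit integer


def encode_request(user, password, service="smtp", realm=""):
    """Pack user, password, service, realm as <uint16 length><bytes> each."""
    out = b""
    for field in (user, password, service, realm):
        raw = field.encode("utf-8")
        if len(raw) > MAX_FIELD:
            raise ValueError("field too long for a saslauthd request")
        out += struct.pack("!H", len(raw)) + raw
    return out


def read_exact(sock, n):
    """Read exactly n bytes; a short read is an error, never a partial answer."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("saslauthd closed the socket early")
        buf += chunk
    return buf


def read_reply(sock):
    """The reply is framed like a request field: <uint16 length><bytes>."""
    (length,) = struct.unpack("!H", read_exact(sock, 2))
    return read_exact(sock, length)


def check_password(sock, user, password, service="smtp", realm=""):
    """Send one query on a connected socket; True only for an "OK" reply."""
    sock.sendall(encode_request(user, password, service, realm))
    # Fail closed: anything that does not start with "OK" is a rejection.
    return read_reply(sock)[:2] == b"OK"


def saslauthd_check(user, password, service="smtp", realm="",
                    path="/var/state/saslauthd/mux"):
    """Connect to the saslauthd socket (path as in the excerpt above) and query it."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(5)  # do not hang a delivery process on a stuck daemon
        sock.connect(path)
        return check_password(sock, user, password, service, realm)
```

The account running this needs permission to open the socket, which is the same access the Exim user needs for the `saslauthd` condition to work.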