Re: [exim] Authentication using saslauthd <-> cyrus_sasl

Top Page
Delete this message
Reply to this message
Author: Christian Schmidt
Date:  
To: exim-users
Subject: Re: [exim] Authentication using saslauthd <-> cyrus_sasl
Hello Andreas,

Andreas Metzler, 22.04.2006 (d.m.y):

> Christian Schmidt <christian@???> wrote:
> > Andreas Metzler, 22.04.2006 (d.m.y):
> [...]
> > But what I didn't yet understand is what the differences between the
> > following two authenticators are:
>
> > saslauthd_plain:
> > driver = plaintext
> > public_name = PLAIN
> > server_condition = ${if saslauthd{{$2}{$3}}{True}{False}}
>
> > sasl_plain:
> > driver = cyrus_sasl
> > public_name = PLAIN
> > server_realm = server.linau.de
> > server_set_id = $2
>
> > Or in other words: The first authenticator checks the authentication
> > data by doing a "saslauthd query". And the second one?
>
> ... runs a sasl query by whatever method pwcheck_method in the
> sasl-configuration is to.


And one of these methods can be saslauthd?

> (Which lives in SASL_PATH/exim.)


> That is just afaict from reading the SASL documentation, however I've
> no idea where to set pwcheck_method for exim-specific sasl options.


Well - that would have been my next question...

*Searching around a few minutes*

What I found in /usr/share/doc/libsasl2 (I'm running Debian Sarge
here):

The default configuration file

By default, the Cyrus SASL library reads it's options from
/usr/lib/sasl2/App.conf (where "App" is the application defined name
of the application). For instance, Sendmail reads it's configuration
from "/usr/lib/sasl2/Sendmail.conf" and the sample server application
included with the library looks in "/usr/lib/sasl2/sample.conf".

A standard Cyrus SASL configuration file looks like:

srvtab: /var/app/srvtab
pwcheck_method: saslauthd

So am I right, when I state that the "sasl query" you mentioned above
can also end in a "saslauthd query"?

Regards,
Christian Schmidt

-- 
Erst der Alltag bringt das Nichts des Tages zutage.
        -- Thomas Schmitz