Author: Matt Bernstein Date: To: Jürgen Herz CC: exim-users Subject: Re: [exim] Exim with cyrus_sasl and ldap
Jürgen Herz wrote: > I want to use DIGEST-MD5 mechanism with Exim and so try to make use of
> Cyrus' SASL lib. To do so I've added line to the exim4.conf.
>
> Exim seems to use the lib, but I can't get it to use saslauthd since
> auth.log says "exim4: unable to open Berkeley db /etc/sasldb2:
> Permission denied."
The SASL library will be running as the Exim user. But if you want to
use LDAP it shouldn't need to look there.
> I also created a /usr/lib/sasl2/exim.conf which contains
> pwcheck_method:saslauthd
I think you should use the LDAP auxprop plugin instead of saslauthd to
work with DIGEST-MD5. Note that you'll need access to either a plaintext
copy of the password, or the MD5 hash of "user:realm:password" (IIRC),
in the LDAP database. I'm not sure libsasl2 can cope with the latter.
> Has someone a setup where Exim uses saslauthd over cyrus_sasl and can
> help me here?
Here's an exim.conf for pgsql (not using saslauthd):