Re: [exim] Exim with cyrus_sasl and ldap

Author: Matt Bernstein
Date:  
To: Jürgen Herz
CC: exim-users
Subject: Re: [exim] Exim with cyrus_sasl and ldap
Jürgen Herz wrote:
> I want to use DIGEST-MD5 mechanism with Exim and so try to make use of
> Cyrus' SASL lib. To do so I've added line to the exim4.conf.
>
> Exim seems to use the lib, but I can't get it to use saslauthd since
> auth.log says "exim4: unable to open Berkeley db /etc/sasldb2:
> Permission denied."


The SASL library will be running as the Exim user. But if you want to
use LDAP it shouldn't need to look there.

> I also created a /usr/lib/sasl2/exim.conf which contains
> pwcheck_method:saslauthd


I think you should use the LDAP auxprop plugin instead of saslauthd to
work with DIGEST-MD5. Note that you'll need access to either a plaintext
copy of the password, or the MD5 hash of "user:realm:password" (IIRC),
in the LDAP database. I'm not sure libsasl2 can cope with the latter.

> Has someone a setup where Exim uses saslauthd over cyrus_sasl and can
> help me here?


Here's an exim.conf for pgsql (not using saslauthd):

mech_list: DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN
auxprop_plugin: sql
sql_engine: pgsql
sql_hostnames: localhost
sql_user: <exim_user>
sql_passwd: <exim_password>
sql_database: <dbname>
sql_select: select %p from <table> where <usernamefield> = '%u'

I suspect the LDAP auxprop implementation will be similar.

HTH

Matt
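
An added example, not part of Matt's message and not Exim or Cyrus SASL code: the DIGEST-MD5 response computation from RFC 2831 (qop=auth, no authzid), showing that the server can only check a response if it can read the plaintext password or the MD5 of "user:realm:password" from its database. The user, realm, nonces and passwords are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def stored_secret(user: str, realm: str, password: str) -> bytes:
    # Raw 16-byte MD5 of "user:realm:password": the only non-plaintext
    # form of the credential a server can verify a response against.
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))


def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                    qop: str, digest_uri: str) -> str:
    # RFC 2831 response-value for qop=auth without an authzid.
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    kd_input = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd_input.encode("utf-8")).hex()


# Constructed sample values (not from the original message).
USER, REALM = "alice", "mail.example.org"
NONCE, CNONCE, NC = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001"
QOP, URI = "auth", "smtp/mail.example.org"


def client_reply(password: str) -> dict:
    # The client sends only a digest; the password never crosses the wire,
    # so a checker that expects a plaintext password has nothing to test.
    secret = stored_secret(USER, REALM, password)
    return {"username": USER, "realm": REALM, "nonce": NONCE,
            "cnonce": CNONCE, "nc": NC, "qop": QOP, "digest-uri": URI,
            "response": digest_response(secret, NONCE, CNONCE, NC, QOP, URI)}


def server_verify(reply: dict, secret_from_directory: bytes) -> bool:
    # A real server must also confirm the nonce is one it issued and
    # that nc has not been seen before (replay protection).
    expected = digest_response(secret_from_directory, reply["nonce"],
                               reply["cnonce"], reply["nc"], reply["qop"],
                               reply["digest-uri"])
    return hmac.compare_digest(expected, reply["response"])


if __name__ == "__main__":
    directory_value = stored_secret(USER, REALM, "correct horse")
    print(server_verify(client_reply("correct horse"), directory_value))
    print(server_verify(client_reply("wrong guess"), directory_value))
```

The stored MD5 is bound to the realm, and anyone who can read it can answer challenges for that realm, so the column or attribute holding it needs the same access control as a plaintext password.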