Just a clarification, saslauthd will use only sasldb if you have started it with the sasldb authmech (which is my case, and I'm thinking that might be why I don't see the difference with pwcheck_method=auxprop/auxprop_plugin=sasldb).
Best regards, Conrad Kleinespel conr...@conradk.com +33 6 23 82 42 79 On Sun, Jul 26, 2015, at 10:54 PM, Conrad Kleinespel wrote: > Hello Ellie, > > I looked into this a bit further. > > It seems like "sasl_pwcheck_method: saslauthd" will ask the "saslauthd" > daemon, which in turn uses sasldb. Using "sasl_pwcheck_method: auxprop" > with "sasl_auxprop_plugin: sasldb" seems to use sasldb too, but doesn't > go through "saslauthd". > > I'm not sure of that, but it's my current understanding. > > As for how SASL understands what config values to use since they are > prefixed with "sasl_" in the /etc/imapd.conf configuration file: it > happens in "imap/global.c" from Cyrus IMAPd. The function > "mysasl_config" looks for all options inside /etc/imapd.conf prefixed > with "sasl_". This function is then passed to libsasl which does its > thing. > > Interesting reads on the subject include: > https://cyrusimap.org/mediawiki/index.php/Cyrus_SASL#Plugins_.28Auxillary_Property.29 > https://cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php > http://www.sendmail.org/~ca/email/cyrus/sysadmin.html > doc/options.html (inside the Cyrus SASL repo) > > I hope this helps. > > Best regards, > > Conrad Kleinespel > conr...@conradk.com > +33 6 23 82 42 79 > > On Mon, Jul 20, 2015, at 02:30 AM, ellie timoney wrote: > > > - Why is this commented out ? Is this meant to be uncommented at some > > > point ? > > > > Looking at git blame, that line has been commented out for as long as > > the file has existed in the repository. There is a comment above it > > saying that it's commented out because it's used by libsasl, but I don't > > understand the implications of that myself. Maybe that it's not needed > > in lib/imapoptions because libsasl takes care of it? In which case I > > guess it exists as a comment in the imapoptions file as documentation > > that the option exists, even though it is not handled by this file > > particularly. > > > > > - Would you know if there is anything to configure manually to setup > > > SASL authentication with saslauthd using sasldb ? > > > > I noticed in the "Running a basic server" document you wrote that you > > were using: > > > > > sasl_pwcheck_method: saslauthd > > > > Which is interesting because I had trouble getting that working when I > > tried it (for reasons that ended up being unrelated, I think, but I > > didn't try it again to verify). I have my VM's configured with this, > > based I think on the config/docs shipped with debian's cyrus-imapd > > package: > > > > > sasl_pwcheck_method: auxprop > > > sasl_auxprop_plugin: sasldb > > > > I'm not sure what the difference is myself, just that this seemed to > > work (though I have not touched virtual domains yet). > > > > I also see you're using: > > > > > virtdomains: yes > > > > There was a thread started by Willem Offermans on info-cyrus last week > > asking about an issue with virtual domains, in which Bron suggested > > instead using: > > > > > virtdomains: userid > > > > I don't know if it will help, but if you haven't already maybe give that > > a try too? > > > > On Mon, Jul 20, 2015, at 01:19 AM, Conrad Kleinespel wrote: > > > Hello everyone, > > > > > > After struggling a lot to try and get SASL authentication to work for > > > users with a domain name (eg conr...@conradk.com), I have noticed that > > > the "sasl_pwcheck_method" recommended in the documentation seems to be > > > commented out of the Cyrus code. > > > > > > See here for the commented out option: > > > https://git.cyrus.foundation/diffusion/I/browse/master/lib/imapoptions;690587fd545c291f2f52e2e3a14c8d4b6faad146$1600 > > > > > > I have 2 questions: > > > - Why is this commented out ? Is this meant to be uncommented at some > > > point ? > > > - Would you know if there is anything to configure manually to setup > > > SASL authentication with saslauthd using sasldb ? > > > > > > Thanks a lot for your help ! :-) > > > > > > Best regards, > > > > > > Conrad Kleinespel > > > conr...@conradk.com > > > +33 6 23 82 42 79
