SASL - saslauthd server (Cyrus SASL)

About

saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library.

It is also called the saslauthd server.

saslauthd must be told which authentication backend to use for password verification. The backend is selected with the saslauthd -a command-line option.

Management

Installation

yum install cyrus-sasl

Service

systemctl status saslauthd
● saslauthd.service - SASL authentication daemon.
   Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

cat /usr/lib/systemd/system/saslauthd.service
[Unit]
Description=SASL authentication daemon.
After=syslog.target

[Service]
Type=forking
PIDFile=/run/saslauthd/saslauthd.pid
EnvironmentFile=/etc/sysconfig/saslauthd
ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
RuntimeDirectory=saslauthd

[Install]
WantedBy=multi-user.target

Configuration

Global

The saslauthd configuration file is the environment file that the service unit references (EnvironmentFile):

cat /etc/sysconfig/saslauthd
# or  /etc/default/saslauthd.
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=

By service

All service files are in:

  • /etc/sasl2/
  • or /usr/lib/sasl2/

Example:

ls /etc/sasl2/
smtpd.conf # for smtp

Authentication mechanism

To get the list of available mechanisms:

saslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform

For example:

Plain

  • Installation
yum install cyrus-sasl-plain

Shadow

The saslauthd server verifies passwords against the /etc/shadow file when it is started with the shadow backend:

saslauthd -a shadow

Test

Cyrus SASL provides the testsaslauthd utility to test saslauthd authentication. The username and password are given as command line arguments. The example shows the response when authentication is successful:

testsaslauthd -u username -p password -s service
# for the smtp service
testsaslauthd -u username -p password -s smtp
0: OK "Success."
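
The same check that testsaslauthd performs, as an added example (not code from Cyrus SASL or from this page): a minimal Python client for the saslauthd socket that prompts for the password instead of taking it as a command-line argument, where it would show up in the process list and shell history. It assumes the listening socket is named mux inside the SOCKETDIR shown above, and that request fields and the reply are each framed with a 2-byte big-endian length, which is the framing saslauthd uses on its socket.

```python
"""Added example: minimal saslauthd client (same check as testsaslauthd)."""
import getpass
import socket
import struct
import sys

MUX = "/run/saslauthd/mux"  # assumption: SOCKETDIR from the page + "mux" socket


def encode_request(user, password, service="smtp", realm=""):
    """Frame each field as a 2-byte big-endian length followed by its bytes."""
    out = b""
    for field in (user, password, service, realm):
        raw = field.encode("utf-8")
        if len(raw) > 0xFFFF:
            raise ValueError("field too long for 16-bit length prefix")
        out += struct.pack("!H", len(raw)) + raw
    return out


def read_exact(sock, n):
    """Read exactly n bytes; a stream socket may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("saslauthd closed the connection early")
        buf += chunk
    return buf


def read_reply(sock):
    """The reply uses the same framing and starts with OK or NO."""
    (length,) = struct.unpack("!H", read_exact(sock, 2))
    text = read_exact(sock, length).decode("utf-8", "replace")
    return text.startswith("OK"), text


def check_password(user, password, service="smtp", realm="", path=MUX):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(encode_request(user, password, service, realm))
        return read_reply(s)


if __name__ == "__main__":
    # Prompt instead of argv so the password never appears in ps or history.
    ok, text = check_password(sys.argv[1], getpass.getpass(), *sys.argv[2:3])
    print(text)
    sys.exit(0 if ok else 1)
```

Run it as a user that is allowed to open the socket; the first argument is the username and the optional second argument is the service name.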
