About
saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library.
called also the saslauthd server
For the configuration, it must be told which authentication backend to turn to for password verification. The backend is selected with a saslauthd command-line option.
Articles Related
Management
Installation
yum install cyrus-sasl
Service
systemctl status saslauthd
● saslauthd.service - SASL authentication daemon.
Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
cat /usr/lib/systemd/system/saslauthd.service
[Unit]
Description=SASL authentication daemon.
After=syslog.target
[Service]
Type=forking
PIDFile=/run/saslauthd/saslauthd.pid
EnvironmentFile=/etc/sysconfig/saslauthd
ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
RuntimeDirectory=saslauthd
[Install]
WantedBy=multi-user.target
Configuration
Global
The saslauthd configuration file defined by the service configure:
- the socket
- the authentication_mechanism (The is PAM])
- and some flags (arguments)
cat /etc/sysconfig/saslauthd
# or /etc/default/saslauthd.
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=
By service
All service file are in:
- /etc/sasl2/
- or /usr/lib/sasl2/
Example:
ls /etc/sasl2/
smtpd.conf # for smtp
Authentication mechanism
To get a list of which mechanism are available
saslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform
ie:
- See the list also in the documentation Postfix to Cyrus SASL communication
Plain
- Installation
yum install cyrus-sasl-plain
Shadow
The saslauthd server verifies passwords against the authentication backend /etc/shadow file if:
- started like this:
saslauthd -a shadow
Test
Cyrus SASL provides the testsaslauthd utility to test saslauthd authentication. The username and password are given as command line arguments. The example shows the response when authentication is successful:
testsaslauthd -u username -p password -s service
# for the smtp service
testsaslauthd -u username -p password -s smtp
0: OK "Success."