saslauthd: support several authentication methods
Dan White
dwhite at olp.net
Thu Dec 10 19:51:20 UTC 2009
On 09/12/09 17:30 +0100, Dmitry Katsubo wrote:
> Dear SASL developers!
>
> I wonder, is there any reason why saslauthd does not support several
> authentication methods at once? I have looked at source code and it
> seems to be nothing preventing of doing so except maybe some ideological
> reasons.
>
> In my case I have a set of users in LDAP (with all office-wide
> information defined) and the policy is to authenticate themselves when
> sending emails via postfix. But sometimes I would like to create
> temporary accounts (to be used only for authentication) in /etc/sasldb2
> and I would like saslauthd to lookup in LDAP first, and then in sasldb.
> I expect that "saslauthd -a 'ldap,sasldb'" should do the job, but only
> one authentication mechanism is supported so far. Launching two
> saslauthd instances also won't help...
>
> Is there any reasonable solution for above?
Dmitry,
In theory, the following configuration in your postfix smtpd.conf will do
what you want:
pwcheck_method: saslauthd auxprop
auxprop_plugin: sasldb
Alternatively, you could drop saslauthd, and do something like:
pwcheck_method: auxprop
auxprop_plugin: ldapdb sasldb
But that would require some ldapdb setup.
I'm doing something similar to the first scenario on a production server at
the moment (except that I have auxprop listed before saslauthd).
--
Dan White
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list