I have a saslauthd setup to authenticate against PAM. It seems to do its stuff:
root@sasltest:~# testsaslauthd -u quest -p #### -s smtp
0: OK "Success."
I have libsasl 2.1.23, postfix 2.7.1.
I have a postfix configured thus:
smtpd_sasl_type = cyrus
smtpd_sasl_path = /var/spool/postfix/private/saslauthd/mux
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
With a master.cf thus:
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
However, trying to authenticate in this postfix gives the following error message:
Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: X[A.B.C.D]: SASL LOGIN authentication failed: authentication failure
Meanwhile, there is no output from my debug-logging saslauthd.
I interpret this as meaning that libsasl2 tries to use sasldb auth rather than try to talk to saslauthd. What I can't figure out is how to tell libsasl that I want it to talk to saslauthd.
Various instructions inform you to create a file /etc/sasl2/smtpd.conf or /etc/postfix/sasl/smtpd.conf. I have tried creating these files containing:
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
But to no effect.
How do I instruct libsasl to use saslauthd authentication?
(I can of course create /var/spool/postfix/etc/sasldb2, but this will still not result in connections to saslauthd.)
Best Answer
This cyrus-sasl mailing list post eventually set me on the right path.
For posterity, an attempt to produce reasonably explicit config. /etc/postfix/main.cf:
The trick in the above conf is that postfix+libsasl2 does this: ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf
Once we have gotten that far, in /etc/postfix/sasl/smtpd.conf we can tell libsasl that we wanna talk to saslauthd:
Since smtpd is chrooted, saslauthd_path is relative to /var/spool/postfix. I use bind mounting to get /var/run/saslauthd into private.
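
A diagnostic sketch for the lookup described in the answer, added here as an example and not part of the original post: it resolves which file `${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf` points at and reports the `pwcheck_method` found there. The function names and the sample tree are constructed, and the first-match search over a colon-separated directory list is an assumption.

```shell
#!/bin/sh
# Added example, not the poster's configuration.
# Assumption: directories in cyrus_sasl_config_path are tried in order.

# sasl_conf_file DIRS NAME: print the first existing DIR/NAME.conf
sasl_conf_file() {
    dirs=$1; name=$2
    old_ifs=$IFS; IFS=:
    for d in $dirs; do
        if [ -f "$d/$name.conf" ]; then
            IFS=$old_ifs
            printf '%s\n' "$d/$name.conf"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# sasl_option FILE KEY: print the value of a "KEY: value" line
sasl_option() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# check_sasl DIRS NAME: which password check would smtpd end up with?
check_sasl() {
    f=$(sasl_conf_file "$1" "$2") || { echo "no-config"; return 1; }
    [ "$(sasl_option "$f" pwcheck_method)" = saslauthd ] && { echo "saslauthd"; return 0; }
    echo "not-saslauthd"; return 1
}

# make_sample: constructed config tree holding the two lines from the question
make_sample() {
    s=$(mktemp -d) && mkdir -p "$s/sasl" &&
    printf 'pwcheck_method: saslauthd\nmech_list: LOGIN PLAIN\n' > "$s/sasl/smtpd.conf" &&
    printf '%s\n' "$s"
}

demo=$(make_sample)
check_sasl "$demo/sasl" smtpd || true
check_sasl "$demo/sasl" /var/spool/postfix/private/saslauthd/mux || true
rm -rf "$demo"
```

On a live host the two arguments would come from `postconf -h cyrus_sasl_config_path` and `postconf -h smtpd_sasl_path`. A `no-config` result means no file matched that name, so the `pwcheck_method` line in smtpd.conf is never read.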