[csw-users] ***SPAM*** How to use saslauthd?
James Lee
james at blastwave.org
Fri Jun 1 11:10:10 CEST 2007
My example task is to use Cyrus IMAP without system /etc/passwd
accounts. I'm thinking sasl is the method.

If I set "sasl_pwcheck_method: auxprop" in /opt/csw/etc/imapd.conf
and set permission for cyrus to read /opt/csw/etc/sasldb2 (by chgrp
sasl and adding sasl to Cyrus's groups), then cyrus uses the passwords
set by /opt/csw/sbin/saslpasswd2.

But that isn't using saslauthd. I would have thought the point of
saslauthd was so other programs, in this case cyrus, didn't have to
read specific system files directly. Reading /opt/csw/etc/ directly
contravenes the requirement to have a read-only /opt/csw so there
ought to be a way of using an alternate location, e.g., in /etc/opt/csw
or /var/opt/csw.

Setting the METHOD in /opt/csw/etc/saslauthd.init to "shadow" and
"sasl_pwcheck_method: saslauthd" in /opt/csw/etc/imapd.conf allows
cyrus to authenticate and authorise a user with a system account, so
cyrus is not at fault.

Guessing I need to set the method of saslauthd to sasldb gives:

    saslauthd[454] :set_auth_mech : unknown authentication mechanism: sasldb

and the man page suggests I don't want to do this even if it did work.
If it's a bad idea for saslauthd it must be a worse idea for cyrus to
use this file.

So, how should I configure saslauthd?
Or any better methods of authentication by, e.g., cyrus?

James.