jan parcel
2018-06-27 19:11:39 UTC
From the 2.1.27 docs:
https://www.cyrusimap.org/sasl/sasl/pwcheck.html#saslauthd
instance, "-a shadow" goes through getspnam and/or getuserpw, which can
go through naming services whatever they are, at least on Solaris.
So are the rest of the mechs listed below deprecated? OR....what?
libsasl2 is supposedly the best way to get mail programs hooked up with
authentication for spam prevention, and we have a policy against
plaintext passwords, so I was hoping to provide a saslauthd service that
could be used by customers to hook up sasl to naming services.
The 2.1.26 man page says:
NAME
    saslauthd - sasl authentication server
SYNOPSIS
    saslauthd -a authmech [-Tvdchlr] [-O option] [-m mux_path] [-n
threads]
              [-s size] [-t timeout]
AUTHENTICATION MECHANISMS
    saslauthd supports one or more "authentication mechanisms", dependent
    upon the facilities provided by the underlying operating system. The
    mechanism is selected by the -a flag from the following list of
choices:
    dce       (AIX)
    getpwent  (All platforms)
    kerberos4 (All platforms)
    kerberos5 (All platforms)
    pam       (Linux, Solaris)
    rimap     (All platforms)
   shadow    (AIX, Irix, Linux, Solaris)
    sasldb    (All platforms)
    ldap      (All platforms that support OpenLDAP 2.0 or higher)
    sia       (Digital UNIX)
https://www.cyrusimap.org/sasl/sasl/pwcheck.html#saslauthd
*What is saslauthd?*saslauthd is a daemon which validates
|ldap_servers|-|ldap://localhost|
I always thought that saslauthd was for a whole lot of things. For|ldap_servers|-|ldap://localhost|
instance, "-a shadow" goes through getspnam and/or getuserpw, which can
go through naming services whatever they are, at least on Solaris.
So are the rest of the mechs listed below deprecated? OR....what?
libsasl2 is supposedly the best way to get mail programs hooked up with
authentication for spam prevention, and we have a policy against
plaintext passwords, so I was hoping to provide a saslauthd service that
could be used by customers to hook up sasl to naming services.
The 2.1.26 man page says:
NAME
    saslauthd - sasl authentication server
SYNOPSIS
    saslauthd -a authmech [-Tvdchlr] [-O option] [-m mux_path] [-n
threads]
              [-s size] [-t timeout]
AUTHENTICATION MECHANISMS
    saslauthd supports one or more "authentication mechanisms", dependent
    upon the facilities provided by the underlying operating system. The
    mechanism is selected by the -a flag from the following list of
choices:
    dce       (AIX)
    getpwent  (All platforms)
    kerberos4 (All platforms)
    kerberos5 (All platforms)
    pam       (Linux, Solaris)
    rimap     (All platforms)
   shadow    (AIX, Irix, Linux, Solaris)
    sasldb    (All platforms)
    ldap      (All platforms that support OpenLDAP 2.0 or higher)
    sia       (Digital UNIX)
--
Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering
Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering