Cyrus SASL sasldb man page


This document describes configuration options for the Cyrus SASL auxiliary property plugin sasldb.

sasldb is always loaded by default.


It will be used if explicitly configured, but also if other mechanisms have failed to load e.g. because they haven't been configured properly.

This plugin reads all user data from a database, located at /etc/sasldb2 by default unless changed at compile time or by setting the sasldb_path option.


The plugin can be built to use a gdbm, ndbm or Sleepycat Berkeley database as backend.

Passwords are stored in plaintext format to enable usage of shared-secret mechanisms.

Use the saslpasswd2 8 utility to create and modify sasldb users. The sasldblistusers2 8 command prints a list of existing sasldb users to STDOUT.


The following configuration parameters are applicable in the context of the sasldb plugin:

sasldb_path (default: /etc/sasldb2)
This setting optionally specifies a path to a sasldb database. Setting this option overrides the default path, which is system dependant, but usually /etc/sasldb2.


The following example shows a typical sasldb configuration. The database is located at the default location /etc/sasldb2.

# GENERIC options
pwcheck_method: auxprop
mech_list: plain login cram-md5 digest-md5 ntlm

# SASLDB options
auxprop_plugin: sasldb
Patrick Koetter, 07 Jan 2015