Cyrus SASL saslpasswd2 man page


saslpasswd2 is used by a server administrator to set a user's SASL password for server programs and SASL mechanisms which use the standard libsasl database of user secrets. By default it creates, modifies and disables users in a sasldb(5) database. Given an optional configuration file (see: saslpasswd.conf(5)) it can also edit other authentication backends.


The following command line parameters are available:

-p
This option instructs saslpasswd2 to work in pipe mode. It will neither prompt for the password nor verify that it was entered correctly. This is the default when standard input is not a terminal.
-c
Creates an entry for the user if the user doesn't already exist. This is mutually exclusive with the -d option.
-d
Deletes the entry for the user. This is mutually exclusive with the -c option.
-n
Don't set the plaintext userPassword property for the user. Only mechanism-specific secrets will be set (e.g. OTP, SRP).
-u domain (default: system FQDN hostname)
Use domain to set user domain property (realm).
-f file
Create sasldb database at specified location. If not specified the default location (/etc/sasldb2) will be used.
-a appname
Optionally use appname to set the application name property.
-v
Print libsasl(5) version number and exit.


Creating a user:


A configuration that lets saslpasswd2 create, modify and disable users in a MySQL server:

# GENERIC options
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain cram-md5 digest-md5
log_level: 1

# SQL auxprop plugin options
sql_engines: mysql
sql_user: sasl
sql_passwd: secret
sql_database: sasl
sql_select: SELECT %p FROM user WHERE username = '%u' AND userrealm = '%r'
sql_insert: INSERT INTO user (id, username, userrealm, %p) VALUES ('', '%u', '%r', '%v')
sql_update: UPDATE user SET `%p` = '%v' WHERE username = '%u' AND userrealm = '%r'
Patrick Koetter, 07 Jan 2015
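
The following added example (not part of the original man page or of Cyrus SASL) expands the sql_select, sql_insert and sql_update templates from the configuration above for one constructed user, so an administrator can see which statements reach the MySQL server and that the userPassword column receives the password value itself unless -n is used. It assumes the macro meanings %u = user, %r = realm, %p = property name, %v = value; escape() is a stand-in for the SQL engine's own string escaping, and the identifier check on %p is a precaution added here.

```python
import re

# Constructed copy of the three SQL templates from the configuration above.
CONF = """\
# SQL auxprop plugin options
sql_select: SELECT %p FROM user WHERE username = '%u' AND userrealm = '%r'
sql_insert: INSERT INTO user (id, username, userrealm, %p) VALUES ('', '%u', '%r', '%v')
sql_update: UPDATE user SET `%p` = '%v' WHERE username = '%u' AND userrealm = '%r'
"""

# %p lands in the statement unquoted, so accept plain identifiers only.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        opts[key.strip()] = value.strip()
    return opts


def escape(value):
    """Stand-in (assumption) for the SQL engine's string escaping."""
    return value.replace("\\", "\\\\").replace("'", "''")


def expand(template, user, realm, prop, value=""):
    """Substitute %u/%r/%p/%v in one pass, so a '%' inside a value is never re-expanded."""
    if not IDENT.match(prop):
        raise ValueError("property name is not a plain identifier: %r" % prop)
    macros = {"u": escape(user), "r": escape(realm), "p": prop, "v": escape(value)}
    return re.sub(r"%([urpv])", lambda m: macros[m.group(1)], template)


def statements(opts, user, realm, prop, value):
    """Return the expanded select/insert/update statements for one property."""
    return {kind: expand(opts["sql_" + kind], user, realm, prop, value)
            for kind in ("select", "insert", "update")}


if __name__ == "__main__":
    # Constructed sample user, realm and password.
    sample = statements(parse_conf(CONF), "alice", "example.com", "userPassword", "it's%u")
    for kind, sql in sample.items():
        print(kind, "->", sql)
```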