Cyrus SASL saslpasswd.conf man page


The optional saslpasswd.conf configuration file controls which authentication backends - sasldb, sql and ldapdb auxprop plugins - the saslpasswd2 command will use to create, modify and disable authentication identities.

To Cyrus SASL saslpasswd2 is like any other server that requests authentication services. The command identifies itself with the application name saslpasswd and libsasl searches for configuration that describes how authentication for that application should take place.

The libary will search in /usr/lib/sasl2 and then in /etc/sasl for a file named saslpasswd.conf. First match wins! If it finds a configuration file in /usr/lib/sasl2 it will not look for another one in /etc/sasl.


The following configuration file /etc/sasl/saslpasswd.conf defines a MySQL server as authentication backend for saslpasswd2:

# GENERIC options
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain cram-md5 digest-md5 ntlm
log_level: 1

# SQL auxprop plugin options
sql_engines: mysql
sql_user: sasl
sql_passwd: secret
sql_database: sasl
sql_select: SELECT %p FROM user WHERE username = '%u' AND userrealm = '%r'
sql_insert: INSERT INTO user (id, username, userrealm, %p) VALUES ('', '%u', '%r', '%v')
sql_update: UPDATE user SET `%p` = '%v' WHERE username = '%u' AND userrealm = '%r'


Note sql_insert and sql_update configuration settings - they tell saslpasswd2 how to write to the authentication backend.

Patrick Koetter, 07 Jan 2015