On Wednesday, 10 March 2004 15:18, Markus Feilner wrote:
Now: postfix grants all users access based on user/password combinations in sasldb - and only those users. Shouldn't saslauth use the local user/password combination?
Please define "saslauth". I'm not sure what you mean.
O.K. I made postfix use SASL auth - by the parameters above means, it uses saslauthd for authentication. Right?
Yes.
saslauthd is configured to auth against pam. Right?
Yes.
But: saslauthd uses User/Password combinations from sasldb. Why?
No. saslauthd and sasldb are two different things.
Where is my mistake?
(BTW: Why does sasl with PAM only work with PLAIN?)
It works with plain and login.
Sorry, you are right. But I want to understand why I cannot use either of the MD5 methods for that...
To use the *-MD5 mechanisms, Cyrus-SASL needs access to the unencrypted plaintext password. This is based on the algorithms by which these hashes are computed. The other reason is saslauthd itself. It speaks a protocol where the Lib only asks saslauthd if the password is correct:

Lib -> saslauthd: Is "User","Realm","Password" Ok
saslauthd -> Lib: "Ok" / "Not Ok"

That's all, no way to exchange a password.

-- 
Andreas
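
Added example (not part of the original mail, and not Cyrus SASL code): a Python sketch of why a yes/no password check like the saslauthd exchange above can serve PLAIN and LOGIN but not CRAM-MD5 (RFC 2195). The account, salt, challenge and the helper names are constructed for illustration, and PBKDF2 stands in as an assumption for whatever one-way hash the backend behind PAM stores.

```python
import hashlib
import hmac

# Constructed sample account and challenge; all values are illustrative only.
USER, PASSWORD = "markus", "s3cret-example"
SALT = b"constructed-salt"
CHALLENGE = b"<1896.697170952@mail.example.org>"

# What a PAM-style backend keeps: a one-way hash, never the password itself.
STORED_HASH = hashlib.pbkdf2_hmac("sha256", PASSWORD.encode(), SALT, 10_000)


def checker_verify(user: str, password: str) -> bool:
    """Stand-in for the yes/no question: is this user/password pair OK?"""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)
    return user == USER and hmac.compare_digest(candidate, STORED_HASH)


def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5: user name plus HMAC-MD5(secret, challenge)."""
    return f"{user} {hmac.new(secret, challenge, hashlib.md5).hexdigest()}"


def server_verify_cram(response: str, secret: bytes, challenge: bytes) -> bool:
    """Server side: recomputes the same HMAC, so it needs the same secret."""
    user, _, digest = response.partition(" ")
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return user == USER and hmac.compare_digest(digest, expected)


def demo() -> dict:
    response = cram_md5_response(USER, PASSWORD.encode(), CHALLENGE)
    digest = response.split(" ")[1]
    return {
        # PLAIN/LOGIN: the password itself arrives, so a yes/no check works.
        "plain_via_checker": checker_verify(USER, PASSWORD),
        # CRAM-MD5 where the server can read the plaintext secret: works.
        "cram_with_plaintext": server_verify_cram(response, PASSWORD.encode(), CHALLENGE),
        # CRAM-MD5 keyed with only the stored hash: the HMAC cannot match.
        "cram_with_stored_hash": server_verify_cram(response, STORED_HASH, CHALLENGE),
        # Handing the digest to the yes/no checker as a "password": rejected.
        "digest_via_checker": checker_verify(USER, digest),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```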