I have a saslauthd setup to authenticate against PAM. It seems to do its stuff:
root@sasltest:~# testsaslauthd -u quest -p #### -s smtp
0: OK "Success."
I have libsasl 2.1.23, postfix 2.7.1.
I have a postfix configured thus:
smtpd_sasl_type = cyrus
smtpd_sasl_path = /var/spool/postfix/private/saslauthd/mux
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
With a master.cf thus:
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
However, trying to authenticate in this postfix gives the following error message:
Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: X[A.B.C.D]: SASL LOGIN authentication failed: authentication failure
Meanwhile, there is no output from my debug-logging saslauthd.
I interpret this as meaning that libsasl2 tries to use sasldb auth rather than try to talk to saslauthd. What I can't figure out is how to tell libsasl that I want it to talk to saslauthd.
Various instructions inform you to create a file /etc/sasl2/smtpd.conf or /etc/postfix/sasl/smtpd.conf. I have tried creating these files containing:
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
But to no effect.
How do I instruct libsasl to use saslauthd authentication?
(I can of course create /var/spool/postfix/etc/sasldb2, but this will still not result in connections to saslauthd.)
This cyrus-sasl mailing list post eventually set me on the right path.
For posterity, an attempt to produce reasonably explicit config. /etc/postfix/main.cf:
The trick in the above conf is that postfix+libsasl2 does this: ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf
Once we have gotten that far, in /etc/postfix/sasl/smtpd.conf we can tell libsasl that we wanna talk to saslauthd:
Since smtpd is chrooted, saslauthd_path is relative to /var/spool/postfix. I use bind mounting to get /var/run/saslauthd into private.
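A diagnostic for the lookup rule and the chroot-relative socket path described in the answer above, as an added example that is not part of the original posts. The function names and status strings are constructed here, and the three arguments (config directory, smtpd_sasl_path value, chroot directory) are supplied by the caller:

```shell
#!/bin/sh
# Added example, not from the posts. Helper names are constructed; the lookup
# rule (${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf) and the
# chroot-relative socket path are the ones stated in the answer above.

# Print the file libsasl is expected to read for a given pair of Postfix settings.
sasl_conf_file() {
    printf '%s/%s.conf\n' "${1%/}" "$2"
}

# Print the value of one "key: value" option from a Cyrus SASL config file.
sasl_option() {
    [ -r "$1" ] || return 1
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# check_sasl CONFIG_DIR SASL_PATH CHROOT_DIR
# CHROOT_DIR is the smtpd chroot (empty string when the master.cf chroot column is "n").
# Prints one status line; returns 0 only when every check passes.
check_sasl() {
    conf=$(sasl_conf_file "$1" "$2")
    if [ ! -r "$conf" ]; then
        echo "missing-config $conf"      # libsasl never sees pwcheck_method
        return 1
    fi
    method=$(sasl_option "$conf" pwcheck_method)
    if [ "$method" != "saslauthd" ]; then
        echo "not-saslauthd ${method:-unset}"
        return 1
    fi
    sock=$(sasl_option "$conf" saslauthd_path)
    if [ -z "$sock" ]; then
        echo "saslauthd_path-unset"      # library default applies; not checked here
        return 1
    fi
    full="${3%/}$sock"                   # a chrooted smtpd sees $sock below CHROOT_DIR
    if [ ! -S "$full" ]; then
        echo "socket-missing $full"
        return 1
    fi
    echo "ok $conf $full"
}

# Usage: sh check_sasl.sh "$(postconf -h cyrus_sasl_config_path)" \
#            "$(postconf -h smtpd_sasl_path)" /var/spool/postfix
if [ "$#" -eq 3 ]; then check_sasl "$@"; fi
```

Run with the smtpd_sasl_path value from the question, it reports a missing-config path ending in mux.conf, which is why the pwcheck_method setting in smtpd.conf was never read.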
Stumbling over a similar issue in Ubuntu 20.04. There, the cyrus_sasl_config_path parameter to postfix isn't recognized at all. It's looking in /etc/postfix/sasl2/ for the smtpd.conf instead.
In Ubuntu 20.04 smtpd seems to be chrooted by default. However, its chroot preparation script in /usr/lib/postfix/configure-instance.sh isn't covering any SASL-related files, thus you have to put it into the chroot manually.
Create the missing folder in chroot:
Create the SASL2 configuration file there:
Link it from related global folder:
Make sure saslauthd socket is available in folder /var/spool/postfix/var/run/saslauthd/. You can control this by adjusting file /etc/default/saslauthd. See the comments found in that file.
I struggled with this for about an hour before figuring out via strace -f -p pid-ing the running postfix process that it couldn't find my sasldb2 file because it was putting itself in a chroot.
Edit /etc/postfix/master.cf and put an n in the chroot column. Restart postfix. Should work now.