How to use saslauthd with IMAP

Andreas Vögele edited this page Jan 16, 2025 · 2 revisions

On Debian and Ubuntu, install the package sasl2-bin and enable authentication against the local IMAP server in /etc/default/saslauthd. Add system users that will communicate with saslauthd to the sasl group.

START=yes
MECHANISMS="rimap"
MECH_OPTIONS="localhost"
OPTIONS="-c -m /run/saslauthd"

On Fedora, install the package cyrus-sasl and edit /etc/sysconfig/saslauthd. Read the saslauthd(8) manual page for information on how to run the saslauthd daemon unprivileged.

MECH=rimap
FLAGS="-O localhost -c"

On Mageia, install the package cyrus-sasl and edit /etc/sysconfig/saslauthd.

SASL_AUTHMECH=rimap
SASLAUTHD_OPTS="-O localhost -c"

On openSUSE, install the package cyrus-sasl-saslauthd and edit /etc/sysconfig/saslauthd.

SASLAUTHD_AUTHMECH=rimap
SASLAUTHD_PARAMS="-O localhost -c"

Enable and start the service.

sudo systemctl enable saslauthd.service
sudo systemctl restart saslauthd.service

Test your setup. Unsetting HISTFILE keeps the password typed on the command line out of the shell history file.

unset HISTFILE
sudo testsaslauthd -u "$USER" -p 'your password'

Two passwords

The IMAP server Dovecot supports multiple password databases. For example, if you would like to use different passwords on your workstations and mobile devices for email access, you could add additional password file settings to /etc/dovecot/conf.d/10-auth.conf.

!include auth-passwdfile.conf.ext
!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext

Create the file /etc/dovecot/conf.d/auth-passwdfile.conf.ext.

passdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/passwd
}

Create the file /etc/dovecot/passwd.

touch /etc/dovecot/passwd
chgrp dovecot /etc/dovecot/passwd
chmod 0640 /etc/dovecot/passwd

Generate password hashes with the command doveadm pw and add one line per user to /etc/dovecot/passwd.

user1:{CRYPT}$2y$05$oGWbpR9dduG3qPHVQ6R3jexmVeBA2iGqgtEkb4hJmRP3e/f4QcXGC
user2:{CRYPT}$2y$05$tGoOPw3tg/oZPEX4NhG6RuHjGBxFDr3Y0AwZtwQceD7Vvzw3qXxJq

Read Postfix and Dovecot SASL or Exim's documentation for information on how to use Dovecot for SMTP authentication.

Note: Don't enable credential caching if you use multiple passwords to access your mail server, i.e. don't pass the option "-c" to the saslauthd daemon. The saslauthd settings shown above all include "-c".
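
The note above can be checked mechanically. The following shell script is an added example, not part of the original page: it reports when the saslauthd options file passes -c while 10-auth.conf includes auth-passwdfile.conf.ext. The function names and the constructed sample files are assumptions of this example.

```sh
#!/bin/sh
# Added example: warn when saslauthd caches credentials (-c) while Dovecot
# has the passwd-file database enabled in 10-auth.conf.

# Variables that hold saslauthd options on Debian/Ubuntu, Fedora, Mageia, openSUSE.
OPT_VARS='OPTIONS|FLAGS|SASLAUTHD_OPTS|SASLAUTHD_PARAMS'

# Succeeds if an uncommented option line contains -c as a separate flag.
# Assumption: -c is not bundled with other short flags (e.g. -ac).
saslauthd_caching_enabled() {
    grep -E "^[[:space:]]*($OPT_VARS)=" "$1" |
        grep -Eq "(^|[[:space:]\"'=])-c([[:space:]\"']|\$)"
}

# Succeeds if auth-passwdfile.conf.ext is included and not commented out.
dovecot_passwdfile_enabled() {
    grep -Eq '^[[:space:]]*!include[[:space:]]+auth-passwdfile\.conf\.ext' "$1"
}

# check_setup SASLAUTHD_FILE DOVECOT_AUTH_FILE: returns 1 with a warning when both hold.
check_setup() {
    if saslauthd_caching_enabled "$1" && dovecot_passwdfile_enabled "$2"; then
        echo "WARNING: $1 passes -c to saslauthd, but $2 enables passwd-file" >&2
        return 1
    fi
    return 0
}

# Constructed sample files, copied from the Debian and Dovecot settings on this page.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'START=yes' 'MECHANISMS="rimap"' 'MECH_OPTIONS="localhost"' \
        'OPTIONS="-c -m /run/saslauthd"' > "$dir/saslauthd"
    printf '%s\n' '!include auth-passwdfile.conf.ext' \
        '!include auth-system.conf.ext' '#!include auth-sql.conf.ext' > "$dir/10-auth.conf"
    echo "$dir"
}

# With two arguments check those files, otherwise run on the constructed samples.
if [ "$#" -eq 2 ]; then
    check_setup "$1" "$2"
else
    d=$(make_samples)
    check_setup "$d/saslauthd" "$d/10-auth.conf" || echo "sample setup flagged"
    rm -rf "$d"
fi
```

Run it with the distribution's options file and /etc/dovecot/conf.d/10-auth.conf as arguments; a non-zero exit status means the combination described in the note is present.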