Managing mail users

We will use SASL (Simple Authentication and Security Layer) to authenticate users in our system. It's a simple and fast system for user authentication, and it is compatible with our incoming and outgoing mail programs, so users only need to be created once. Users can be authenticated through different mechanisms; each mechanism is a series of challenges the password must pass to match the user.

I am using Ubuntu Server 12.04 for this installation, so I will use commands like apt-get and sudo that may or may not exist in your distribution, but the basics of this installation may still match your system.

Let’s install sasl2:

$ sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

Then we must make it start at boot and use the sasldb database file instead of any other authentication method, so we edit the /etc/default/saslauthd file and change the following lines:

# Should saslauthd run automatically on startup? (default:no)
START=yes
.....
.....
# Example MECHANISMS="pam"
MECHANISMS="sasldb"

Save it and restart the daemon:

$ sudo service saslauthd restart

We can now start creating users, starting with our mail administration user, called cloud (yeah, it’s a very bad name, but it’s only an example):

$ sudo saslpasswd2 -c cloud
Password: ***
Again: ***

That’s it.

What to do with sasl users

Here are several things we can do with SASL users, as a kind of cheat sheet:

Creating users

We saw this a few lines above:

$ sudo saslpasswd2 -c [username]

But if the user resides within a particular domain:

$ sudo saslpasswd2 -c [username] -u [domain]

You can also try saslpasswd2 -c username@domain or saslpasswd2 username@domain

Change a user's password

$ sudo saslpasswd2 [username]

It will ask you for the password twice, as when it was created.

$ sudo saslpasswd2 [username] -u [domain]

If the user doesn’t exist, it will be created.

Delete users

$ sudo saslpasswd2 -d [username] -u [domain]

If the user doesn’t exist, it won’t warn you.

List users

$ sudo sasldblistusers2
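Two of the commands above are silent in ways that matter: changing the password of a mistyped username creates a new account, and deleting a missing user reports nothing. The following wrapper is an added example, not part of the original post; the function names and the SASL_LIST_CMD / SASL_PASSWD_CMD override variables are hypothetical, and it assumes sasldblistusers2 prints one "user@domain: userPassword" line per account.

```shell
#!/bin/sh
# Added example: guards around saslpasswd2 for the two silent cases above.
# SASL_LIST_CMD / SASL_PASSWD_CMD are hypothetical hooks; run as root, or set
# them to "sudo sasldblistusers2" / "sudo saslpasswd2".
: "${SASL_LIST_CMD:=sasldblistusers2}"
: "${SASL_PASSWD_CMD:=saslpasswd2}"

# sasl_user_exists USER DOMAIN
# Assumed listing format: "user@domain: userPassword", one account per line.
# Exact match on the part before the colon, so "bob" never matches "bobby".
sasl_user_exists() {
    $SASL_LIST_CMD 2>/dev/null | awk -v want="$1@$2" '
        { sub(/:.*/, "", $0) }          # keep only user@domain
        $0 == want { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# sasl_change_password USER DOMAIN
# Refuses unknown accounts: saslpasswd2 without -c would create them,
# so a typo in the username would leave a stray login behind.
sasl_change_password() {
    if ! sasl_user_exists "$1" "$2"; then
        echo "refusing: $1@$2 does not exist (create it with -c)" >&2
        return 2
    fi
    $SASL_PASSWD_CMD -u "$2" "$1"
}

# sasl_delete_user USER DOMAIN
# Reports a missing account, then confirms the entry is really gone.
sasl_delete_user() {
    if ! sasl_user_exists "$1" "$2"; then
        echo "nothing to delete: $1@$2 not found" >&2
        return 2
    fi
    $SASL_PASSWD_CMD -d -u "$2" "$1" || return 1
    if sasl_user_exists "$1" "$2"; then
        echo "delete failed: $1@$2 still listed" >&2
        return 1
    fi
}
```

Source the file and call, for example, sasl_delete_user [username] [domain]; a return code of 2 means the account was not in the database.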
