saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library.
saslauthd is a binary shipped in the Cyrus SASL bundle. It runs as a background process that checks passwords using a variety of mechanisms. This server fulfills two roles:
- It isolates all code requiring superuser privileges into a single process
- It can be used to provide proxy authentication services to clients that do not understand SASL based authentication.
This binary accepts several parameters, for example:
- -m path : Specify the pathname of the named socket to listen on for connection requests.
- -c : Enable caching of authentication credentials
The important parameter is -a, which specifies the authentication mechanism used by saslauthd. The available mechanisms depend on the facilities provided by the underlying operating system. Examples include:
- getpwent -- use the getpwent() library function
- kerberos5 -- use Kerberos 5
- pam -- use Pluggable Authentication Modules (PAM)
- rimap -- use a remote IMAP server specified in the -O parameter
- shadow -- use the local shadow password file
- sasldb -- use the local sasldb database file
- ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
The testsaslauthd binary is a test utility for the SASL authentication server. Specify an additional -f /path/to/socketdir/mux if saslauthd establishes the UNIX-domain socket in a non-default location. The example shows the response when authentication is successful:
% testsaslauthd -u username -p password
0: OK "Success."
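The request that testsaslauthd sends over the mux socket can be reproduced in a few lines. The sketch below is an added example, not code from this page or from the Cyrus SASL project; it assumes the framing used by testsaslauthd (login, password, service and realm, each prefixed with a 2-byte big-endian length) and shows that the password crosses the socket in cleartext, which is why access to the socket directory should be restricted. The function names and the default service "imap" are choices made for this example.

```python
import socket
import struct

def _field(value: str) -> bytes:
    """Encode one field: 2-byte big-endian length, then the raw bytes."""
    data = value.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("field too long for a 16-bit length prefix")
    return struct.pack("!H", len(data)) + data

def build_request(user, password, service="imap", realm=""):
    """Request = login, password, service, realm, each length-prefixed."""
    return b"".join(_field(v) for v in (user, password, service, realm))

def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes; a short read means the daemon hung up."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("saslauthd closed the connection early")
        buf += chunk
    return buf

def read_reply(sock):
    """Reply = one length-prefixed string starting with OK or NO."""
    (length,) = struct.unpack("!H", _recv_exact(sock, 2))
    text = _recv_exact(sock, length).decode("utf-8", "replace")
    return text.startswith("OK"), text

def check_password(mux_path, user, password, service="imap", realm=""):
    """Ask the saslauthd listening on mux_path to verify one credential."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)  # do not hang forever on a stuck daemon
        s.connect(mux_path)
        s.sendall(build_request(user, password, service, realm))
        return read_reply(s)

# Constructed sample: the password is visible as-is in the request bytes.
SAMPLE = build_request("alice", "s3cret")
```

Any local process that can connect to the mux socket can submit such requests, so the directory given to -m should be readable only by the services that need it.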
For further references: