Rob's web

SASL

Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 is an example of a mechanism that can provide a data security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

Installation

# yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-plain

Configuration

# cd /etc/sysconfig
# vi saslauthd

# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ability to use.
MECH="pam"

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
#FLAGS="-O smtp.example.com"

# cd /etc/sasl2/
# vi smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login
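
A lint for this file, added here as an example and not part of the original page: saslauthd only ever receives a plaintext username and password, which is why mech_list is limited to plain and login. The function names sasl_opt and lint_sasl_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.

# sasl_opt FILE KEY: print the value of the first "KEY: value" line in FILE.
# Comment lines start with '#' and never match the anchored key.
sasl_opt() {
    sed -n "/^[[:space:]]*$2[[:space:]]*:/{s/^[^:]*:[[:space:]]*//;s/[[:space:]]*\$//;p;q;}" "$1"
}

# lint_sasl_conf FILE: print one finding per line.
# Returns 0 when the file matches the saslauthd setup, 1 otherwise.
lint_sasl_conf() {
    conf=$1 findings=0 plaintext=0
    method=$(sasl_opt "$conf" pwcheck_method)
    mechs=$(sasl_opt "$conf" mech_list | tr 'A-Z' 'a-z')

    if [ "$method" != "saslauthd" ]; then
        echo "pwcheck_method is '${method:-unset}', expected saslauthd"
        findings=1
    fi
    if [ -z "$mechs" ]; then
        echo "mech_list unset: mechanisms are not restricted"
        findings=1
    fi
    for m in $mechs; do
        case $m in
            plain|login) plaintext=1 ;;
            *)  echo "'$m' sends no plaintext password, so saslauthd cannot verify it"
                findings=1 ;;
        esac
    done
    if [ "$plaintext" -eq 1 ]; then
        echo "note: plain/login send the password unencrypted; offer AUTH only over TLS"
    fi
    return "$findings"
}

# Constructed sample input: the page's smtpd.conf and a variant with one extra mechanism.
demo=$(mktemp -d)
printf 'pwcheck_method: saslauthd\nmech_list: plain login\n' > "$demo/page.conf"
printf 'pwcheck_method: saslauthd\nmech_list: plain digest-md5\n' > "$demo/mixed.conf"
lint_sasl_conf "$demo/page.conf" && echo "page.conf: ok"
lint_sasl_conf "$demo/mixed.conf" || echo "mixed.conf: needs attention"
rm -rf "$demo"
```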

Starting

# systemctl start saslauthd
# systemctl status saslauthd
# systemctl enable saslauthd

Testing

Test the authentication with the credentials of an existing user.

# testsaslauthd -u "$user" -p "$password" -s smtp
0: OK "Success."