mod_saslauth
Handles authentication of users and remote servers.
Details
mod_saslauth implements the standard SASL protocol according to the guidelines in RFC6120.
Usage
modules_enabled = {
-- Other modules
"saslauth"; -- Enable mod_saslauth
}Configuration
| Option | Default | Notes |
|---|---|---|
| c2s_require_encryption | false | Whether to force all client-to-server streams are encrypted before allowing authentication. |
| require_encryption | false | DEPRECATED - Currently used as a fallback value, recommended to use c2s_require_encryption. |
| anonymous_login | false | DEPRECATED - See Configuring anonymous logins - If set to true, anonymous users will be allowed to login in and authentication disabled. This also disables server-to-server communication. |
| allow_unencrypted_plain_auth | false | Whether to allow plain-text passwords to be used on unencrypted connections. |
| insecure_sasl_mechanisms | {"PLAIN", "LOGIN"} |
Mechanisms that are not allowed on unencrypted connections. Defaults to the empty set if allow_unencrypted_plain_auth is set to true. |
| disable_sasl_mechanisms | {"DIGEST-MD5"} |
Set of mechanisms that will never be offered, even on encrypted connections. |
Cyrus SASL integration
Documentation for this integration is available on our Cyrus SASL documentation page.
Example
modules_enabled = {
-- Other modules
"saslauth"; -- Enable mod_saslauth
}
c2s_require_encryption = true
allow_unencrypted_plain_auth = false
disable_sasl_mechanisms = { "DIGEST-MD5" }