I have configured Postfix to work with SASL using plain text, where the former automatically submits a default realm to the latter when requesting authentication.
Assuming the domain name is example.com and the user is foo, here is how I configured it on my Debian system so far.
In the postfix configuration file /etc/main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
The SMTP configuration file /etc/postfix/smtpd.conf contains:
pwcheck_method: saslauthd
mech_list: PLAIN
The SASL daemon is configured with the sasldb mechanism in /etc/default/saslauthd:
MECHANIMS="sasldb"
The SASL database file contains a single user, shown by sasldblistusers2:
[email protected]: userPassword
The authentication works well without having to provide a realm, as postifx does that for me. However, I cannot find out how to tell the Cyrus IMAP daemon to do the same.
I created a user cyrus in my SASL database, which uses the realm of the host domain name, not example.com, for administrative purpose. I used this account to create a mailbox through cyradm for the user foo:
cm user.foo
IMAP is configured in /etc/imapd.conf this way:
allowplaintext: yes
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
servername: mail.example.com
If I enable cross-realm authentication (loginrealms: example.com), trying to authenticate using imtest works with these options:
imtest -m login -a
[email protected] localhost
However, I would like to be able to authenticate without having to specify the realm, like this:
imtest -m login -a foo localhost
I thought that using virtdomains (setting it either to userid or on) and defaultdomain: example.com would do just that, but I cannot get to make it work.
I always end up with this error:
cyrus/imap[11012]: badlogin: localhost [127.0.0.1] plaintext foo SASL(-13): authentication failure: checkpass failed
What I understand is that cyrus-imapd never tries to submit the realm when trying to authenticate the user foo.
My question: how can I tell cyrus-imapd to send the domain name as the realm automatically?
Thanks for your insights!
