mod_saslauth

Handles authentication of users and remote servers.

Details

mod_saslauth implements the standard SASL protocol according to the guidelines in RFC6120.

Usage

    modules_enabled = {
        -- Other modules
        "saslauth"; -- Enable mod_saslauth
    }

Configuration

Option	Default	Notes
c2s_require_encryption	false	Whether to force all client-to-server streams are encrypted before allowing authentication
require_encryption	false	DEPRECATED - Currently used as a fallback value, recommended to use c2s_require_encryption
anonymous_login	false	DEPRECATED - See Configuring anonymous logins - If set to true, anonymous users will be allowed to login in and authentication disabled. This also disables server-to-server communication
allow_unencrypted_plain_auth	false	Whether to allow plain-text passwords to be sent over the network
insecure_sasl_mechanisms	`{"PLAIN", "LOGIN"}`	Mechanisms that are not allowed on unencrypted connections. Defaults to the empty set if allow_unencrypted_plain_auth is set to true. Introduced in 0.10
disable_sasl_mechanisms	`{"DIGEST-MD5"}`	Set of mechanisms that will never be offered. Introduced in 0.10

Cyrus SASL integration

Documentation for this integration is available on our Cyrus SASL documentation page.

Example

    modules_enabled = {
        -- Other modules
        "saslauth"; -- Enable mod_saslauth
    }
 
    c2s_require_encryption = true
    allow_unencrypted_plain_auth = false
    disable_sasl_mechanisms = { "DIGEST-MD5" }