saslpasswd2
This is the utility for creating, changing, and deleting users and passwords from the local sasl database (usually /etc/sasldb2).
You can run it either as root or the cyrus admin user (in our case, cyrus ). Check the ownership of the sasl database if you are unsure.
Invocation is insultingly easy:
$ /usr/local/sbin/saslpasswd2 -c user
For some reason, the auth.log records whining about being unable to change the database.
More exciting options:
# saslpasswd2
This product includes software developed by Computing Services
at Carnegie Mellon University (![>>](/web/20231001162746im_/https://wiki.xdroop.com/theme/images/Icon-Extlink.png)[http://www.cmu.edu/computing/](https://web.archive.org/web/20231001162746/http://www.cmu.edu/computing/)).
saslpasswd2: usage: saslpasswd2 [-v] [-c [-p] [-n]] [-d] [-a appname] [-f sasldb] [-u DOM] userid
-p pipe mode -- no prompt, password read on stdin
-c create -- ask mechs to create the account
-d disable -- ask mechs to disable/delete the account
-n no userPassword -- don't set plaintext userPassword property
(only set mechanism-specific secrets)
-f sasldb use given file as sasldb
-a appname use appname as application name
-u DOM use DOM for user domain
-v print version numbers and exit
So if you are creating a domain-specific user, you'd do something like:
saslpasswd2 -c steve -u domain.com