Bug#108942: The saga of cyrus2-imapd continues
I finally got cyrus2-imapd to authenticate an account, but I had to use
"sasldb" instead of "PAM" for "sasl_pwcheck_method" in /etc/imapd.conf.
It appears that until PAM-0.74 is available in "unstable", cyrus2-imapd
won't be able to authenticate using it. I thought about filing a "new
upstream version" bug against libpam0g, but I know there has been some
discussion about how to handle new versions of PAM in Debian. I just
can't seem to find the correct mailing list archive or web page that

It would be nice to be able to have Cyrus do a two-level check, first on
real accounts via PAM, then on virtual accounts via SASL, then return an
unknown user error, but I don't know enough about PAM, SASL or Cyrus to
create a patch (yet).

I tried copying the included /etc/pam.d/cyrus to /etc/pam.d/pop and to
/etc/pam.d/imap to get Cyrus to authenticate against PAM. This didn't
work. That file looked like this:

# PAM configuration file for Cyrus
# If you want to use Cyrus in a setup where users don't have
# accounts on the local machine, you'll need to make sure
# you use something like pam_permit for account checking.
# Also, take a look into libpam-ldap, libpam-mysql/libpam-pgsql
# and libpam-pwdfile. They're likely to be helpful aid for creating
# a closed-box email system.
auth required pam_unix.so nullok
account required pam_unix.so
------- End of /etc/pam.d/cyrus

I also tried using the /etc/pam.d/pop and /etc/pam.d/imap (the files are
identical; see below) that came with the 2.0.16 RPMs on
<http://rmrpms.tripod.com/cyrus-imapd/> without any luck (since
pam_stack.so is a part of PAM-0.74).

auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
------- End of /etc/pam.d/[pop|imap]

I finally did the following to create an /etc/sasldb file:

$ ssh root@localhost
# saslpasswd ddkilzer
Again (for verification):

This was done long after running "cyradm" to create a mailbox for
ddkilzer ("cm user.ddkilzer").

After creating the sasldb (and changing /etc/imapd.conf and restarting
cyrmaster), logging into the POP server through telnet worked great, and
I could connect to the imapd using mutt. I know this isn't the ideal
setup, but it's what I'll use for now.
Hope this still helps!
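
Added example (not part of the original report, and not code from Cyrus or Debian): a small checker that parses a PAM service file and reports rules whose module file is not installed, the failure described above for pam_stack.so, and "auth" rules that carry "nullok". It assumes bare module names live in /lib/security (the directory used in the pop/imap file above) and that control fields are single words as in the quoted files; the function names are hypothetical.

```python
import posixpath

# Constructed sample input: the two service files quoted in the report above.
CYRUS_PAM = """\
# PAM configuration file for Cyrus
auth required pam_unix.so nullok
account required pam_unix.so
"""
POP_PAM = """\
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
"""


def parse_pam(text):
    """Yield (lineno, type, control, module, args) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].startswith("@"):
            continue  # blank line, comment, or @include directive
        yield lineno, fields[0], fields[1], fields[2], fields[3:]


def audit(text, module_dir="/lib/security", exists=posixpath.exists):
    """Return (lineno, finding, module_path) tuples for one service file."""
    findings = []
    for lineno, ptype, _control, module, args in parse_pam(text):
        # A bare module name is looked up in module_dir (assumed location).
        path = module if posixpath.isabs(module) else posixpath.join(module_dir, module)
        if not exists(path):
            findings.append((lineno, "missing-module", path))
        if ptype == "auth" and "nullok" in args:
            # pam_unix's nullok lets accounts with an empty password log in.
            findings.append((lineno, "nullok", path))
    return findings


if __name__ == "__main__":
    for name, text in (("cyrus", CYRUS_PAM), ("pop/imap", POP_PAM)):
        for finding in audit(text):
            print(name, *finding)
```

Run against the real files by passing their contents to audit(); the "exists" parameter is only there so the check can be exercised without touching the local module directory.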