[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#108942: The saga of cyrus2-imapd continues

I finally got cyrus2-imapd to authenticate an account, but I had to use
"sasldb" instead of "PAM" for "sasl_pwcheck_method" in /etc/imapd.conf.

It appears that until PAM-0.74 is available in "unstable", cyrus2-imapd
won't be able to authenticate using it.  I thought about filing a "new
upstream version" bug against libpam0g, but I know there has been some
discussion about how to handle new versions of PAM in Debian.  I just
can't seem to find the correct mailing list archive or web page that 
describes this.

It would be nice to be able to have Cyrus do a two-level check, first on
real accounts via PAM, then on virtual accounts via SASL, then return an
unknown user error, but I don't know enough about PAM, SASL or Cyrus to
create a patch (yet).

I tried copying the included /etc/pam.d/cyrus to /etc/pam.d/pop and to
/etc/pam.d/imap to get Cyrus to authenticate against PAM.  This didn't
work.  That file looked like this:

------- /etc/pam.d/cyrus

# PAM configuration file for Cyrus
# If you want to use Cyrus in a setup where users don't have
# accounts on the local machine, you'll need to make sure
# you use something like pam_permit for account checking.
# Also, take a look into libpam-ldap, libpam-mysql/libpam-pgsql
# and libpam-pwdfile. They're likely to be helpful aid for creating
# a closed-box email system.

auth	required	pam_unix.so nullok
account	required	pam_unix.so

------- End of /etc/pam.d/cyrus

I also tried using the /etc/pam.d/pop and /etc/pam.d/imap (the files are
identical; see below) that came with the 2.0.16 RPMs on
<http://rmrpms.tripod.com/cyrus-imapd/> without any luck (since 
pam_stack.so is a part of PAM-0.74).

------- /etc/pam.d/[pop|imap]

auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth

------- End of /etc/pam.d/[pop|imap]

I finally did the following to create an /etc/sasldb file:

$ ssh root@localhost
# saslpasswd ddkilzer
Again (for verification):
# exit

This was done long after running "cyradm" to create a mailbox for
ddkilzer ("cm user.ddkilzer").

After creating the sasldb (and changing /etc/imapd.conf and restarting
cyrmaster), logging into the POP server through telnet worked great, and
I could connect to the imapd using mutt.  I know this isn't the ideal
setup, but it's what I'll use for now.

Hope this still helps!


Reply to: