Bug#108942: The saga of cyrus2-imapd continues
> >>>>> "David" == David D Kilzer <firstname.lastname@example.org> writes:
> David> I finally got cyrus2-imapd to authenticate an account, but
> David> I had to use "sasldb" instead of "PAM" for
> David> "sasl_pwcheck_method" in /etc/imapd.conf.
> David> It appears that until PAM-0.74 is available in "unstable",
> David> cyrus2-imapd won't be able to authenticate using it. I
> David> thought about filing a "new upstream version" bug against
> David> libpam0g, but I know there has been some discussion about
> David> how to handle new versions of PAM in Debian. I just can't
> David> seem to find the correct mailing list archive or web page
> David> that describes this.
On Wed, Nov 07, 2001 at 04:16:55PM -0500, Sam Hartman wrote:
> Disbelieve. It can be handled the same way as cyrus 1.x.
So you're saying that pwcheck can be used with PAM-0.72 and
cyrus2-imapd-2.0.x. Unfortunately, the way the software is packaged
currently doesn't make that possible.
To handle cyrus2-imapd-2.0.x the same way as cyrus-imapd-1.5.x would
require the use of the pwcheck daemon. This daemon has been removed
from the cyrus2-imapd-2.0.x source tree, but may still be found in the
cyrus-sasl-1.5.24 source. Unfortunately, cyrus-sasl-1.5.24 doesn't
currently build pwcheck the same way that cyrus-imapd-1.5.19 does (in
two flavors: pwcheck_standard and pwcheck_pam).
To confuse matters further, cyrus2-sasl-2.0.x betas now include a
replacement for pwcheck called saslauthd. Unfortunately, no one has
packaged cyrus2-sasl-2.0.x yet.
In summary, using "sasldb" for the "sasl_pwcheck_method" parameter in
/etc/imapd.conf will work in the short term until the pwcheck/saslauthd
situation is resolved. (I am NOT saying this is the best solution, but
it works for me now.) More work is required if pwcheck or saslauthd
is to be used.
(Just trying to document the current state of the cyrus2-imapd package
and what may need to be done in the future.)