so you haven't changed your /etc/pam.d/imap ?<br>mine says:<br>#%PAM-1.0<br>auth include system-auth<br>account include system-auth<br><br><br><div><span class="gmail_quote">2008/1/22, Alain Spineux <<a href="mailto:aspineux@gmail.com">
aspineux@gmail.com</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Jan 22, 2008 3:09 PM, badock <<a href="mailto:badock@gmail.com">
badock@gmail.com</a>> wrote:<br>> OK, so with PAM, how do you set passwords to your virtual users ?<br>> sorry, i'm like _really_ lost, and running out of time :-/<br><br>Virtual user ? This mean your user don have local access to the server
<br>(ssh, ftp ...)<br>Then you can use sasldb, without saslauth<br>Exactly as I said.<br><br>Maybe you have some problem with domain.<br><br>1 saspasswd2 foobar<br>2 saspasswd2 foobar@defaultdomain<br>3 saspasswd2 foobar@anotherdomain
<br><br>can have different result.<br><br>1 and 2 can have the same result if defaultdomain is the default domain<br><br>I gave you my working config on centos-5.1, just changing imapd.conf<br>and creating sasldb.<br><br>
<br><br><br>><br>> thanks.<br>><br>> 2008/1/22, Alain Spineux < <a href="mailto:aspineux@gmail.com">aspineux@gmail.com</a>>:<br>><br>> > On Jan 22, 2008 2:33 PM, badock < <a href="mailto:badock@gmail.com">
badock@gmail.com</a>> wrote:<br>> > > mmmmh i still don't manage to have the 'testsaslauthd -u logon -p<br>> password'<br>> > > work...<br>> > > does yours work allright ?<br>> > > can you paste your /etc/sysconfig/saslauthd file please ?
<br>> ><br>> > I don't use saslauthd !<br>> ><br>> > > in mine :<br>> > > SOCKETDIR=/var/run/saslauthd<br>> > > MECH=pam<br>> > > FLAGS=<br>> ><br>> > If you use saslauthd with PAM, like you are trying, you dont need to
<br>> > work with a sasldb nor saslpasswd ....<br>> ><br>> ><br>> > ><br>> > ><br>> > ><br>> > > 2008/1/21, Alain Spineux <<a href="mailto:aspineux@gmail.com">aspineux@gmail.com
</a>>:<br>> > > > On Jan 21, 2008 5:31 PM, badock <<a href="mailto:badock@gmail.com">badock@gmail.com</a> > wrote:<br>> > > > > OK, apparently, i have a problem, but it's more a SASL problem.
<br>> > > > > I set passwords with "saslpasswd2 -c logon" and then tried to check<br>> > > whether<br>> > > > > it worked with the command : "testsaslauthd -u logon -p password"
<br>> and it<br>> > > > > doesn't work... :S<br>> > > ><br>> > > > Do you want to use saslauth or just don't realy know what you are<br>> doing?<br>> > > ><br>
> > > > I have just migrated my server yesterday using just here are some of<br>> my<br>> > > config :<br>> > > ><br>> > > > # cat /etc/imapd.conf<br>> > > > configdirectory: /var/lib/imap
<br>> > > > partition-default: /var/spool/imap<br>> > > > admins: cyrus<br>> > > > sievedir: /var/lib/imap/sieve<br>> > > > sendmail: /usr/sbin/sendmail<br>> > > > #sasl_pwcheck_method: saslauthd
<br>> > > > sasl_pwcheck_method: auxprop<br>> > > > sasl_auxprop_plugin: sasldb<br>> > > > sasl_mech_list: PLAIN<br>> > > ><br>> > > > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-
imapd.pem<br>> > > > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem<br>> > > > tls_ca_file: /etc/pki/tls/certs/ca- bundle.crt<br>> > > ><br>> > > > virtdomains: userid<br>
> > > > defaultdomain: max.asxnet.loc<br>> > > > loginrealms: max.asxnet.loc<br>> > > ><br>> > > > hashimapspool: yes<br>> > > ><br>> > > > altnamespace: 0
<br>> > > > unixhierarchysep: yes<br>> > > > lmtp_downcase_rcpt: yes<br>> > > > username_tolower: 1<br>> > > ><br>> > > ><br>> > > > THE relevant thing for you are :
<br>> > > ><br>> > > > sasl_pwcheck_method: auxprop<br>> > > > sasl_auxprop_plugin: sasldb<br>> > > ><br>> > > ><br>> > > > # history | grep sasl<br>
> > > > 705 sasldblistusers2<br>> > > > 706 saslpasswd2 <a href="mailto:cyrus@max.asxnet.loc">cyrus@max.asxnet.loc</a><br>> > > > 707 sasldblistusers2<br>> > > > 709 saslpasswd2 -u
max.asxnet.loc root<br>> > > > 710 sasldblistusers2<br>> > > > 728 chown cyrus.mail /etc/sasldb2<br>> > > ><br>> > > ><br>> > > > ><br>> > > > > I checked the logs, here's what i found :
<br>> > > > > in /var/log/secure:<br>> > > > > # Jan 21 17:12:28 demovm33 saslauthd[3393]: pam_unix(imap:auth):<br>> check<br>> > > > > pass; user unknown<br>> > > > > # Jan 21 17:12:28 demovm33 saslauthd[3393]: pam_unix(imap:auth):
<br>> > > > > authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=<br>> > > > > # Jan 21 17:12:28 demovm33 saslauthd[3393]:<br>> pam_succeed_if(imap:auth):<br>> > > > > error retrieving information about user logon
<br>> > > > ><br>> > > > > in /var/log/messages:<br>> > > > > # Jan 21 17:12:20 demovm33 saslauthd[3351]: server_exit :<br>> master<br>> > > > > exited: 3351
<br>> > > > > # Jan 21 17:12:21 demovm33 saslauthd[3376]: set_auth_mech :<br>> unknown<br>> > > > > authentication mechanism: map<br>> > > > > # Jan 21 17:12:27 demovm33 saslauthd[3392]: detach_tty :
<br>> master<br>> > > pid<br>> > > > > is: 3392<br>> > > > > # Jan 21 17:12:27 demovm33 saslauthd[3392]: ipc_init :<br>> listening<br>> > > on<br>> > > > > socket: /var/run/saslauthd/mux
<br>> > > > > # Jan 21 17:12:31 demovm33 saslauthd[3393]: do_auth : auth<br>> > > failure:<br>> > > > > [user=logon] [service=imap] [realm=] [mech=pam] [reason=PAM auth<br>> error]
<br>> > > > ><br>> > > > > OK, so that's when in /etc/sysconfig/saslauthd i have one line<br>> saying :<br>> > > > > # MECH=pam<br>> > > > ><br>> > > > > I tried with several other "MECH" but i still get errors like, for
<br>> > > instance<br>> > > > > with MECH=shadow :<br>> > > > > # Jan 21 17:11:41 demovm33 saslauthd[3318]: server_exit :<br>> master<br>> > > > > exited: 3318
<br>> > > > > # Jan 21 17:11:41 demovm33 saslauthd[3351]: detach_tty :<br>> master<br>> > > pid<br>> > > > > is: 3351<br>> > > > > # Jan 21 17:11:41 demovm33 saslauthd[3351]: ipc_init :
<br>> listening<br>> > > on<br>> > > > > socket: /var/run/saslauthd/mux<br>> > > > > # Jan 21 17:11:43 demovm33 saslauthd[3352]: do_auth : auth<br>> > > failure:
<br>> > > > > [user=logon] [service=imap] [realm=] [mech=shadow] [reason=Unknown]<br>> > > > ><br>> > > > ><br>> > > > > I couldn't try to use the MECH=sasldb because natively the sasldb
<br>> mech<br>> > > is<br>> > > > > disabled, so i have two options :<br>> > > > > 1. compile a new saslauthd from sources that supports sasldb (i<br>> tried<br>> > > and
<br>> > > > > failed, i get error coming from the .c and .h files :-/ )<br>> > > > > 2. have it working without the sasldb, which i guess is possible...<br>> i<br>> > > mean i<br>
> > > > > only need a simple login/password thing, it's not that complex<br>> > > > ><br>> > > > > So anyway, when _you_ use this cyrus-imapd thing, do you<br>> authenticate
<br>> > > with<br>> > > > > the sasldb by typing login/password, or do you do it another way ?<br>> > > > ><br>> > > > > Hope it's clearer now to you (it isn't to me... ;) )
<br>> > > > > Any idea, please ?<br>> > > > ><br>> > > > ><br>> > > > > @Alain> about this RCTP TO error, i'd say it comes from the SMTP,<br>> but i<br>
> > > > > don't understand what you meant by "Ave you configured your SMTP to<br>> > > accept<br>> > > > > <a href="mailto:lgon@mydomai.com">lgon@mydomai.com</a> ?", do i have to configure something on the SMTP
<br>> side ?<br>> > > ><br>> > > > Often things are made to work together without to much change.<br>> > > > It help to stay in the main idea of the developer, but not always easy<br>
> > > > to guest it.<br>> > > > Yesterday I didn't touch my postfix on my centos 5.1 to make it works<br>> > > > with cyrus.<br>> > > ><br>> > > > Regards<br>
> > > > > Thanks for paying interest in my helplessness :)<br>> > > > ><br>> > > > ><br>> > > > ><br>> > > > > 2008/1/21, Alain Spineux < <a href="mailto:aspineux@gmail.com">
aspineux@gmail.com</a>>:<br>> > > > ><br>> > > > > > On Jan 21, 2008 2:19 PM, badock <<a href="mailto:badock@gmail.com">badock@gmail.com</a>> wrote:<br>> > > > > > >
<br>> > > > > > > Hello all,<br>> > > > > > ><br>> > > > > > > I recently installed cyrus-imapd, and i'm now trying to make it<br>> > > work.<br>
> > > > > > > I created a mailbox user (cm user.logon) then acl'ed it (sam<br>> > > user.logon<br>> > > > > > > logon all)<br>> > > > > > > Then i set a password to logon : saslpasswd2 -c logon
<br>> > > > > ><br>> > > > > > maybe a<br>> > > > > > # chown cyrus.cyrus /etc/sasl2.db<br>> > > > > > or something like that could help<br>> > > > > > Read all cyrus error messages in log files!
<br>> > > > > ><br>> > > > > > > So now, i expect the "user" logon to have access to his mailbox<br>> > > > > > > But it doesn't work, cause<br>> > > > > > >
<br>> > > > > > > 1. i can't telnet/login to the imap server with "logon":<br>> > > > > > > shell says:<br>> > > > > > > LOGIN BAD Error in IMAP commabd received by server
<br>> > > > > > ><br>> > > > > > > 2. i can't send any mail to <a href="mailto:logon@host.domain.com">logon@host.domain.com</a><br>> > > > > > > mailer says :
<br>> > > > > > > RCPT TO < <a href="mailto:logon@mydomain.com">logon@mydomain.com</a>> failed :<br>> > > > > > > < <a href="mailto:logon@mydomain.com">logon@mydomain.com
</a> >: Recipient address rejected: User<br>> > > unknown in<br>> > > > > > > local recipient table<br>> > > > > ><br>> > > > > > Where this message come from ? SMTP or cyrus ? Is-it lmtpd ?
<br>> > > > > > Can you give some more line around this error ?<br>> > > > > > Ave you configured your SMTP to accept <a href="mailto:lgon@mydomai.com">lgon@mydomai.com</a> ?<br>> > > > > >
<br>> > > > > > ><br>> > > > > > ><br>> > > > > > > Do you have an idea how i can check wether the imap works or<br>> not ?<br>> > > > > > > Actually i'd like to check if my settings are ok, is there a way
<br>> to<br>> > > > > check<br>> > > > > > > that ?<br>> > > > > > ><br>> > > > > > ><br>> > > > > > > Thanks in advance.
<br>> > > > > > ><br>> > > > > > > ----<br>> > > > > > > Cyrus Home Page: <a href="http://cyrusimap.web.cmu.edu/">http://cyrusimap.web.cmu.edu/</a><br>> > > > > > > Cyrus Wiki/FAQ:
<a href="http://cyrusimap.web.cmu.edu/twiki">http://cyrusimap.web.cmu.edu/twiki</a><br>> > > > > > > List Archives/Info:<br>> <a href="http://asg.web.cmu.edu/cyrus/mailing-list.html">http://asg.web.cmu.edu/cyrus/mailing-list.html
</a><br>> > > > > > ><br>> > > > > ><br>> > > > > ><br>> > > > > ><br>> > > > > > --<br>> > > > > > Alain Spineux
<br>> > > > > > aspineux gmail com<br>> > > > > > May the sources be with you<br>> > > > > ><br>> > > > ><br>> > > > ><br>> > > >
<br>> > > ><br>> > > ><br>> > > > --<br>> > > > Alain Spineux<br>> > > > aspineux gmail com<br>> > > > May the sources be with you<br>> > > >
<br>> > ><br>> > ><br>> ><br>> ><br>> ><br>> > --<br>> > Alain Spineux<br>> > aspineux gmail com<br>> > May the sources be with you<br>> ><br>><br>><br>
<br><br><br>--<br>Alain Spineux<br>aspineux gmail com<br>May the sources be with you<br></blockquote></div><br>