How to reset IMAP password
Dan White
dwhite at olp.net
Tue Jan 4 12:49:18 EST 2011
On 04/01/11 16:50 +0100, Qaiser Adams wrote:
>Folks,
>We have lost our IMAP password and cannot find a way to reset it - does
>anybody know how we can do this?
>We are running Cyrus with saslauthd and using OpenLDAP to authenticate our
>users - this is the error I'm getting:
>---------
>cyradm -u cyrus localhost
>IMAP Password:
> Login failed: authentication failure at
>/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm
>line 118
>cyradm: cannot authenticate to server with as cyrus
>----------------
>
>I have tried changing the password of the 'cyrus' user using passwd,
>saslpasswd and saslpasswd2 to no avail, and also tried using 'cyradm --user
>cyrus --auth PLAIN localhost'
>but it always asks for the IMAP password.
>Many thanks,
>Qaiser
>
>
>--------- */etc/imapd.conf* --------
>configdirectory: /var/lib/imap
>partition-default: /var/spool/imap
>admins: cyrus
>sievedir: /var/lib/imap/sieve
>sendmail: /usr/sbin/sendmail
>hashimapspool: true
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: PLAIN LOGIN
>tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
>tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
>tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
>createonpost: no
>autocreateinboxfolders: Sent | Trash | Drafts
>quotawarn: 90
>lmtp_over_quota_perm_failure: 1
>autocreatequota: 2000000
>soft_noauth: 0
>username_tolower: 1
>unix_group_enable: 0
>lmtp_downcase_rcpt: 1
>
>-------------- /etc/pam.d/imap --------------
>#%PAM-1.0
>auth required pam_stack.so service=system-auth
>account required pam_stack.so service=system-auth
What is your saslauthd.conf config? You mention you're using OpenLDAP to
authenticate, but also include your PAM configuration. Perhaps you're using
an LDAP PAM module?
With the two 'sasl_*' entries you've include above, there would be no
difference in the way your users authenticate and the way your cyrus user
authenticates... your cyrus credentials would be authenticated against
OpenLDAP as well (unless you're doing something with PAM that allows you to
authenticate against multiple modules).
You'll likely need to create or reconfigure the cyrus user contained within
your OpenLDAP tree to successfully authenticate.
If you don't want your cyrus user credentials in LDAP, you can do:
sasl_pwcheck_method: saslauthd auxprop
which would allow your users (and cyrus) to be authenticated by either
saslauthd or sasldb2.
--
Dan White
More information about the Cyrus-sasl
mailing list