How to reset IMAP password

Dan White dwhite at olp.net
Tue Jan 4 12:49:18 EST 2011 

On 04/01/11 16:50 +0100, Qaiser Adams wrote:
>Folks,
>We have lost our IMAP password and cannot find a way to reset it - does
>anybody know how we can do this?
>We are running Cyrus with saslauthd and using OpenLDAP to authenticate our
>users - this is the error I'm getting:
>---------
>cyradm -u cyrus localhost
>IMAP Password:
>              Login failed: authentication failure at
>/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm
>line 118
>cyradm: cannot authenticate to server with  as cyrus
>----------------
>
>I have tried changing the password of the 'cyrus' user using passwd,
>saslpasswd and saslpasswd2 to no avail, and also tried using 'cyradm --user
>cyrus --auth PLAIN localhost'
>but it always asks for the IMAP password.
>Many thanks,
>Qaiser
>
>
>---------  */etc/imapd.conf* --------
>configdirectory: /var/lib/imap
>partition-default: /var/spool/imap
>admins: cyrus
>sievedir: /var/lib/imap/sieve
>sendmail: /usr/sbin/sendmail
>hashimapspool: true
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: PLAIN LOGIN
>tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
>tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
>tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
>createonpost: no
>autocreateinboxfolders: Sent | Trash | Drafts
>quotawarn: 90
>lmtp_over_quota_perm_failure: 1
>autocreatequota: 2000000
>soft_noauth: 0
>username_tolower: 1
>unix_group_enable: 0
>lmtp_downcase_rcpt: 1
>
>-------------- /etc/pam.d/imap --------------
>#%PAM-1.0
>auth       required     pam_stack.so service=system-auth
>account    required     pam_stack.so service=system-auth

What is your saslauthd.conf config? You mention you're using OpenLDAP to
authenticate, but also include your PAM configuration. Perhaps you're using
an LDAP PAM module?

With the two 'sasl_*' entries you've include above, there would be no
difference in the way your users authenticate and the way your cyrus user
authenticates... your cyrus credentials would be authenticated against
OpenLDAP as well (unless you're doing something with PAM that allows you to
authenticate against multiple modules).

You'll likely need to create or reconfigure the cyrus user contained within
your OpenLDAP tree to successfully authenticate.

If you don't want your cyrus user credentials in LDAP, you can do:

sasl_pwcheck_method: saslauthd auxprop

which would allow your users (and cyrus) to be authenticated by either
saslauthd or sasldb2.

-- 
Dan White

More information about the Cyrus-sasl mailing list