[pamldap] cyrus and pam
deen at slt.lk
deen at slt.lk
Fri Aug 30 07:49:13 EDT 2002
in the normAL cyrus->ldap implementation do I need to build these config files.
/var/ldap/ldap_client_file and /var/ldap/ldap_client_cred.
presently i do not have these.
Deen
At 11:09 AM 8/30/02 +0200, you wrote:
>Hello,
> for those who have problems to get Cyrus and PAM-LDAP working
>on Solaris8 (as I had ...): We've written a small piece of code which
>replaces the original pwcheck and speaks directly LDAP.
> Just put it in the pwcheck directory of cyrus source code and
>do some adjustments in the Makefile (please make sure
>that OpenLDAP libs are linked).
>
>Please note that this pwcheck_ldap.c uses the PAM-LDAP config files
>/var/ldap/ldap_client_file and /var/ldap/ldap_client_cred.
>With one exception: I couldn't figure out what the algorithm
>"{NS1}" for password hashing/encryption (???) is - so I created
>a new file /var/ldap/pwcheck_ldap.conf which holds the clear text password.
>
>This program is not perfect - e.g. I haven't checked it for memory leaks etc.
>If anybody wants this to be integrated into Cyrus source code - please
>feel free to do it.
>
>http://keutel.de/cyrus-pwcheck-ldap/pwcheck_ldap.c
>
>Best regards, Jochen.
>
>> -----Original Message-----
>> From: owner-pamldap at PADL.COM [mailto:owner-pamldap at PADL.COM]On Behalf Of
>> Alan Sparks
>> Sent: Thursday, August 29, 2002 8:29 PM
>> To: deen at slt.lk
>> Cc: tarjei at nu.no; pamldap at padl.com
>> Subject: RE: [pamldap] cyrus and pam
>>
>>
>> I remember this was pretty weird... I built cyrus-sasl-1.5.27 with the
>> following extra option: --with-pwcheck=/var/pwcheck
>>
>> This gave me a program '/usr/sbin/pwcheck' that needs to run before Cyrus
>> is started. It creates a named pipe in /var/pwcheck that is used by SASL
>> to communicate to the external verifier program.
>>
>> My /etc/imapd.conf file contains the directive:
>> sasl_pwcheck_method: pwcheck
>>
>> Should note that I do /not/ have any files for imap or pop in /etc/pam.d/.
>>
>> That's the high points I recall on finally getting Cyrus/SASL to use PAM
>> authentication. Hope that gives some ideas on where to go. YMMV on
>> pathnames, depending on configure option. Good luck.
>> -Alan
>>
>>
>> Deen said:
>> >
>> >
>> > I have configured everything as required. What I am getting the error in
>> > the log file is unknown password verifier, in auth.error. I have added
>> > the particular user in OpenLDAP.
>> >
>> >
>> > Regards,
>> >
>> > Deen
>> >
>> > -----Original Message-----
>> > From: owner-pamldap at padl.com [mailto:owner-pamldap at padl.com]On Behalf Of
>> > Tarjei Huse
>> > Sent: Thursday, August 29, 2002 12:48 PM
>> > To: Deen
>> > Cc: pamldap at padl.com
>> > Subject: Re: [pamldap] cyrus and pam
>> >
>> >
>> > Quoting Deen <deen at slt.lk>:
>> >
>> >>
>> >> Hello List,
>> >>
>> >> I am trying to configure Cyrus POP/IMAP server, such that it will use
>> >> ldap for user validation. I am using the following.
>> >>
>> >> cyrus->pam->ldap.
>> > How have you set up cyrus-sasl? I think you'll get more help on this one
>> > on the
>> > info-cyrus list :)
>> > PS: cyrus-utils.sf.net/faq might help you
>> > Tarjei
>> >
>> > -------------------------------------------------
>> > This mail sent through IMP: http://horde.org/imp/
>>
>>
>> ===========
>> Alan Sparks, UNIX/Linux Systems Administrator
>> <asparks at doublesparks.net>
>>
>>
>>
>
>
>
>
More information about the Info-cyrus
mailing list