sasldb2 set secret not seen
John Crawford
jmc-cyrus at sociology.osu.edu
Thu Dec 26 16:41:53 EST 2002
Hi.
I've upgraded from cyrus 2.0.14 and sasl 1.5.24 (I think it was)
to cyrus 2.1.11 and sasl 2.1.10 on freebsd 4.5.
I used the freebsd ports for the recent reinstallation, thanks Hajimu.
I had been using with the earlier cyrus version the feature
auto transition, such that a plain/login success through pam
would add the user/pw information into the sasldb.
Future authentications could then be done with challenge
response from the sasldb, since the "set secret" code
fed the sasldb file.
With the new versions, I don't get transition from
pam login/plain authentication into the sasldb2 file.
I'd expect perhaps success with the
fragment of my imapd.conf - specifying ...
sasl_pwcheck_method:auxprop saslauthd
#would probably be right (or with the order reversed?)
#with
auxprop_plugin: sasldb
# If enabled, the SASL library will automatically create authentication
# secrets when given a plaintext password. See the SASL documentation.
#
sasl_auto_transition: yes
# When set to 'yes' and when using the sasldb auxprop plugin, automatically
transition
# users to other mechs when they do a successful plaintext authentication
# http://asg.web.cmu.edu/cyrus/download/sasl/doc/options.html
--
I also wonder what I should set for
sasl_mech_list:
I want pam to do plain/login and saslauthd to service other requests.
Anyway, I'm not getting auto transition to the sasldb file. My imapd account
(cyrus) has rw access to /usr/local/etc/sasldb2 which is the file of concern.
Can anyone suggest why I'm having trouble stuffing the sasldb file?
I've seen others have trouble with this auto transition also.
Not unrelated, I'm having trouble understanding the basis for
two conflicting-to-me statements in the documentation
concerning auto_transition...
http://asg.web.cmu.edu/cyrus/download/sasl/doc/sysadmin.html
(There's no point in enabling this option if "pwcheck_method" is "auxprop",
and the sasldb plugin is installed)
yet
http://asg.web.cmu.edu/cyrus/download/sasl/doc/options.html
says about auto_transition
When set to 'yes' and when using the sasldb auxprop plugin, automatically
transition users to other mechs when they do a successful plaintext
authentication
What makes there be "no point" when it appears to be recommended for the
behavior to function?
Thanks
John
More information about the Info-cyrus
mailing list