Installation of Cyrus aggregator using PAM authentication.

Russell Gnann rgnann at corp.pol.net
Wed Apr 16 17:07:04 EDT 2003


We recompiled Cyrus-IMAP and Cyrus-Sasl with the following configuration...

For imapd:

./configure --prefix=/opt/sparcv8/5.7/cyrus-imapd-2.1.12
--with-cyrus-prefix=/opt/sparcv8/5.7/cyrus-imapd-2.1.12
--with-dbdir=/opt/sparcv8/5.7/db-4.1.25.NC
--with-bdb-libdir=/opt/sparcv8/5.7/db-4.1.25.NC/lib
--with-bdb-incdir=/opt/sparcv8/5.7/db-4.1.25.NC/include
--with-sasl=/opt/sparcv8/5.7/cyrus-sasl-2.1.13 
--without-krb 
--enable-murder 
--enable-fulldirhash 
--with-cyrus-group=mail 
--with-cyrus-user=cyrus

For sasl:

./configure  --prefix=/opt/sparcv8/5.7/cyrus-sasl-2.1.13
--with-dblib=berkeley 
--with-bdb-libdir=/opt/sparcv8/5.7/db-4.1.25.NC/lib
--with-bdb-incdir=/opt/sparcv8/5.7/db-4.1.25.NC/include 
--with-pam 
--disable-krb4 
--disable-gssapi 
--disable-krb5 
--disable-login 
--with-dbpath=/opt/sasldb2 
--with-saslauthd


In looking at the imapd install docs we saw en example of the out put for
CAPABILITY which listed AUTH=DIGEST-MD5 and AUTH=CRAM-MD5

When executing CAPABILTY on the new build of Cyrus IMAP we saw the following
output 

S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
MUPDATE=mupdate://machinename2/

We would have expected to see similar AUTH listing in that output since
DIGEST-MD5 and CRAM-MD5 were never disabled in the Sasl or IMAP builds, and
the configure options seem to indicate that they are enabled by default..
Any ideas would be great.  Thanks.
_______
Russell Gnann
UNIX Systems Administrator
Andrx Corp.



-----Original Message-----
From: Ken Murchison [mailto:ken at oceana.com] 
Sent: Wednesday, April 16, 2003 2:40 PM
To: Russell Gnann
Cc: 'info-cyrus at lists.andrew.cmu.edu'
Subject: Re: Installation of Cyrus aggregator using PAM authentication.




Russell Gnann wrote:
> 
> Hello list,
> 
> We are looking at setting the Cyrus Murder implementation in a test 
> environment.  We have successfully compiled Cyrus IMAP 2.1.12 and SASL 
> 2.1.13 with the --enable-murder option and successfully created a 
> backend server that authenticates IMAPD and POP3 correctly using PAM. 
> However, on the MUPDATE master server we cannot seem to authenticate 
> to MUPDATE.  We can successfully connect to it, but the backend server 
> using mupdatetest writes this to the logs
> 
> Apr 16 13:29:00 polmailqa mupdatetest[2332]: No worthy mechs found
> 
> I am obviously missing something in the setup for users in relation to 
> the MUPDATE authentication, but for the life of me I have no idea what 
> it might be.  Our current Cyrus-IMAP environment strictly uses PAM 
> authentication as the mechinism for auththentication...

MUPDATE doesn't support TLS, so you won't be able to use plaintext
authentication methods.  The easiest thing to do is to put an entry for your
mupdate user in sasldb2 and use DIGEST-MD5.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp




More information about the Info-cyrus mailing list