cyrus imap + pam

Michael Bacon baconm at duke.edu
Thu Apr 17 20:13:24 EDT 2003 

Well, there's the official Cyrus way to do it, and then there's the way we 
do it... :)

The official cyrus way is to use saslauthd configured to use pam.  Direct 
pam pwcheck support has been removed from the SASL distribution.

We, however, kept running into problems with saslauthd.  The gssapi 
saslauthd was crashing on us, and the PAM saslauthd module did some things 
that broke the gssapi PAM module we wanted to use.  After a while of 
hacking on it trying to get it to behave, we just wrote pam support back 
into the thing.  I understand that the saslauthd in SASL 2.1.13 has many 
improvements, so this may be dated, but we've had much better luck with the 
direct pam support than we did with  saslauthd.

I've attached a patch for putting pam support in.  It's against a version 
of the CVS code that may be slightly different than 2.1.12, so you may have 
a little trouble applying it to another version.  If so, let me know, and 
I'll see if I can update it to apply against what you need.  In any case, 
it enables sasl_pwcheck_method: pam, and does so in a pretty standard way.

I've submitted this to the Cyrus folks, and they turned it down because 
they want to maintain as simple a pwcheck mechanism as possible, which I 
can certainly understand.  In the meantime, though, this patch saved us 
quite a few headaches with saslauthd.

If you find this helpful, please let me know.

Thanks,
Michael

--On Wednesday, April 16, 2003 8:55 AM +0700 Do Duc Huy <huydd at cdit.com.vn> 
wrote:

>
> Hi all!
> I 've tried to compile cyrus-imap-2.1.12 with pam authenticate support in
> Redhat Linux 7.3 but it 's failse when I set sasl_pwcheck_method to pam:
> no mechanism available: checkpass failed  Anybody can tell me step by
> step what I have to do? I 've search in cyrus maillist but 've not found
> yet.  Thanks in advance
> --
> Do Duc Huy
> Centre for Development Infomation  Technology - CDIT
> The 4th floor VCCI buiding #9 Dao Duy Anh Str. Dong Da Dstr. Hanoi
> Tel: 84-04-5742879

-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.pam
Type: application/octet-stream
Size: 4713 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20030417/055adf66/patch.obj

More information about the Info-cyrus mailing list