trouble with auths on cyrus imap

jonathan giles jong at clinedavis.com
Wed Jan 8 10:48:03 EST 2003


Hi:

I have been looking around for the answer to this, and have not found
it.

I am running...
4.7-RELEASE FreeBSD
with...

cyrus-imapd-2.1.10
cyrus-sasl-2.1.9_1

installed as ports.

Compilation and installation seems fine but...

I trying to authenticate with the standard shadow password, but keep
getting this in the log...

Jan  7 14:20:10 popper2 saslauthd[113]: AUTHFAIL: user=user service=imap
realm= [PAM auth error]

Jan  7 14:20:10 popper2 imapd[158]: badlogin:
localhost.clinedavis.com[127.0.0.1] plaintext user SASL(-13):
authentication failure: checkpass failed


imapd.conf includes the following...
sasl_pwcheck_method: saslauthd

saslauthd is started using -a pam in /usr/local/etc/rc.d/saslauthd.sh
I checked the processes, and it shows up.

/etc/pam.conf is standard conf for FreeBSD
with only one line for imap...
imap    auth    required        pam_unix.so       try_first_pass

/usr/local/lib/sasl2/Cyrus.conf has...
pwcheck_method: saslauthd 
it did have pwcheck_method: pwcheck but I changed it based on the notes
that came off standard output during compilation.

I have tried changing saslauthd to start with -a shadow, but it does not
recognize the service.

My understanding of this is that imap uses saslauthd for auth, saslauthd
is looking, or should be looking at pam, and pam has a service (imap)
configured for auths.  However, it doesn't work. 

I am very new to pam, but would like to get it to work so I can do ldap
auths instead of shadow auths.

Any help, pointers to howtos, suggestions would be greatly appreciated.

Thanks!

jg

-- 
Jonathan Giles
Senior Unix Administrator
Cline Davis Mann, Inc.

--
Privileged/Confidential Information may be contained in this
message.  If you are not the addressee indicated in this message
(or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone.  In such case,
you should destroy this message and kindly notify the sender
by reply e-mail.  Please advise immediately if you or your
employer do not consent to Internet e-mail of this kind.
Opinions, conclusions, and other information in this message
that do not relate to the official business of CDM shall
be understood as neither given nor endorsed by it.







More information about the Info-cyrus mailing list