ctl_mboxlist being run as root and CRAM-MD5 with saslauthd + LDAP

Rob Siemborski rjs3 at andrew.cmu.edu
Thu Mar 6 10:38:05 EST 2003


On Thu, 6 Mar 2003, Etienne Goyer wrote:

> ---
> configdirectory: /var/imap
> partition-default: /tmp
> admins: cyrus
> sasl_mech_list: PLAIN
> sasl_pwcheck_method: saslauthd
> ---

If you're using PLAIN to authenticate to your backends, you'll need to be
using 2.2 (with the TLS support for backend auth).  Mupdate should be
fine, however.

> When the master server starts on the backend, the following appears in
> /var/log/auth.log:
>
> ---
> Mar  6 09:46:41 ldap1 saslauthd[1852]: Entry not found or more than one entries found (uid=root).
> Mar  6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
> Mar  6 09:46:41 ldap1 mupdate[2022]: Password verification failed
> ---
>
> This makes me believe that ctl_mboxlist is being executed as root (at
> least, it tries to authenticate as root).  I could not find a switch in the
> man page to have it authenticate as some specific user (in my case,
> cyrus).  Two (inelegant) solutions I tried that did not work were to
> make ctl_mboxlist suid cyrus and to execute ctl_mboxlist as cyrus with
> sudo in /etc/cyrus.conf.  Is there a switch to ctl_mboxlist that tells it
> to authenticate to the mupdate server as a specific user?  I am
> starting the Cyrus master process as root; could this be the problem?

Did you set the mupdate_* options in your backend's imapd.conf
(specifically mupdate_authname, mupdate_password, etc.)?

The cyrus master process should abandon its root rights as it starts the
services.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
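
An added example, not part of the original message and not Cyrus code: a small check that reports which of the mupdate_* options named in the reply are absent from a backend imapd.conf and pulls out saslauthd AUTHFAIL lines for service=mupdate. The sample config and log lines are the ones quoted in the thread; the function names are made up for this example.

```python
import re

# The two options the reply names; its "etc." is not expanded here.
REQUIRED = ("mupdate_authname", "mupdate_password")
# saslauthd failure line, in the format quoted from /var/log/auth.log.
AUTHFAIL = re.compile(r"saslauthd\[\d+\]: AUTHFAIL: user=(\S*) service=(\S*) realm=(\S*)")

# Sample input: the backend imapd.conf and auth.log lines quoted in the thread.
QUOTED_CONF = """\
configdirectory: /var/imap
partition-default: /tmp
admins: cyrus
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd
"""
QUOTED_LOG = """\
Mar  6 09:46:41 ldap1 saslauthd[1852]: Entry not found or more than one entries found (uid=root).
Mar  6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
Mar  6 09:46:41 ldap1 mupdate[2022]: Password verification failed
"""

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines, skipping comments."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        options[key.strip()] = value.strip()
    return options

def missing_mupdate_options(conf_text, required=REQUIRED):
    """List the required options that are absent or set to an empty value."""
    options = parse_imapd_conf(conf_text)
    return [name for name in required if not options.get(name)]

def mupdate_authfails(log_text):
    """Return (user, realm) for each saslauthd AUTHFAIL with service=mupdate."""
    hits = (AUTHFAIL.search(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(3)) for m in hits if m and m.group(2) == "mupdate"]

if __name__ == "__main__":
    print("missing from imapd.conf:", missing_mupdate_options(QUOTED_CONF))
    for user, realm in mupdate_authfails(QUOTED_LOG):
        print(f"mupdate auth failed for user={user!r} realm={realm!r}")
```
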






More information about the Info-cyrus mailing list