Cyrus looking in sasldb2 for authentication

Etienne Goyer etienne.goyer at linuxquebec.com
Thu May 15 15:50:27 EDT 2003 

On Thu, May 15, 2003 at 02:21:45PM -0500, Jeff Wilde wrote:
> That is how I am running saslauthd -a shadow and it is authenticating against shadow, but the problem is that it still looks at sasldb2.

Ok, now I understand.  saslauthd is only used for clear-text password
(PLAIN, LOGIN, etc).  If your client try to authenticate with
non-cleartext mechanism (CRAM-MD5, DIGEST-MD5, etc), imapd will use
sasldb2.  A work-around is to accept only clear-text authentication
method.  If you don't want username/password flying in clear on the
network, you have to ask your client to use SSL.

Your /etc/imapd.conf should have something along these lines :

---
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd
---

> -----Original Message-----
> From: Etienne Goyer [mailto:etienne.goyer at linuxquebec.com] 
> Sent: Thursday, May 15, 2003 1:03 PM
> To: info-cyrus at lists.andrew.cmu.edu
> Subject: Re: Cyrus looking in sasldb2 for authentication
> 
> 
> You must run saslauthd with "-a getpwent" or "-a shadow" to authenticate against /etc/passwd (and/or /etc/shadow).
> 
> You can also just "rm /usr/local/lib/sasl2/libotp*" to get rid of OTP support in SASL.
> 
> On Thu, May 15, 2003 at 10:47:19AM -0500, Jeff Wilde wrote:
> > I have a situation where I'm just trying to authenticate agains the 
> > /etc/shadow file through saslauthd.  I keep getting errors in my log:
> > 
> > May 15 10:45:12 mail pop3d[23501]: could not find password
> > 
> > Which is because its looking in /etc/sasldb2.  Is there a way to make 
> > it stop looking in that file so I can get rid of this error message?  
> > I also have OTP errors that I think I can get rid of by recompiling 
> > without otp support but if I can change it in the config.  That would 
> > be
> > better:
> > 
> > May 15 10:45:13 mail imapd[23044]: OTP: No database support
> > 
> > 
> > Tia,
> > 
> > Jeff
> 
> -- 
> Etienne Goyer                    Linux Québec Technologies Inc.
> http://www.LinuxQuebec.com       etienne.goyer at linuxquebec.com

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne.goyer at linuxquebec.com

More information about the Info-cyrus mailing list