Cyrus looking in sasldb2 for authentication
etienne.goyer at linuxquebec.com
Thu May 15 15:50:27 EDT 2003
On Thu, May 15, 2003 at 02:21:45PM -0500, Jeff Wilde wrote:
> That is how I am running saslauthd -a shadow and it is authenticating against shadow, but the problem is that it still looks at sasldb2.
Ok, now I understand. saslauthd is only used for clear-text password
(PLAIN, LOGIN, etc). If your client try to authenticate with
non-cleartext mechanism (CRAM-MD5, DIGEST-MD5, etc), imapd will use
sasldb2. A work-around is to accept only clear-text authentication
method. If you don't want username/password flying in clear on the
network, you have to ask your client to use SSL.
Your /etc/imapd.conf should have something along these lines :
> -----Original Message-----
> From: Etienne Goyer [mailto:etienne.goyer at linuxquebec.com]
> Sent: Thursday, May 15, 2003 1:03 PM
> To: info-cyrus at lists.andrew.cmu.edu
> Subject: Re: Cyrus looking in sasldb2 for authentication
> You must run saslauthd with "-a getpwent" or "-a shadow" to authenticate against /etc/passwd (and/or /etc/shadow).
> You can also just "rm /usr/local/lib/sasl2/libotp*" to get rid of OTP support in SASL.
> On Thu, May 15, 2003 at 10:47:19AM -0500, Jeff Wilde wrote:
> > I have a situation where I'm just trying to authenticate agains the
> > /etc/shadow file through saslauthd. I keep getting errors in my log:
> > May 15 10:45:12 mail pop3d: could not find password
> > Which is because its looking in /etc/sasldb2. Is there a way to make
> > it stop looking in that file so I can get rid of this error message?
> > I also have OTP errors that I think I can get rid of by recompiling
> > without otp support but if I can change it in the config. That would
> > be
> > better:
> > May 15 10:45:13 mail imapd: OTP: No database support
> > Tia,
> > Jeff
> Etienne Goyer Linux Québec Technologies Inc.
> http://www.LinuxQuebec.com etienne.goyer at linuxquebec.com
Etienne Goyer Linux Québec Technologies Inc.
http://www.LinuxQuebec.com etienne.goyer at linuxquebec.com
More information about the Info-cyrus