PAM Auth with SASL 2.1.15
David Chait
davidc at bonair.stanford.edu
Mon Nov 10 23:02:30 EST 2003
Hi All,
I have a working Cyrus Imap 2.1.11 implementation using SASL 2.1.10, which auths vs. local accounts via PAM using the following configs. However, due to RH's EOL in December, we are being forced to migrate to RHEL 3 in about a month. I have a test box running RHL 9 (similar to RHEL 3); however, I cannot seem to get the auth working with current stable Imap/Sasl.
Errors:
Nov 10 20:02:01 fac-imap-test su(pam_unix)[28930]: session opened for user dchait by root(uid=0)
Nov 10 20:02:10 fac-imap-test imap(pam_unix)[28925]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=dchait
Nov 10 20:02:13 fac-imap-test saslauthd[28925]: do_auth : auth failure: [user=dchait] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Nov 10 20:02:13 fac-imap-test imapd[28975]: badlogin: localhost.localdomain[127.0.0.1] plaintext dchait SASL(-13): authentication failure: checkpass failed
Nov 10 20:02:27 fac-imap-test su(pam_unix)[28930]: session closed for user dchait
imapd.conf
configdirectory: /var/imap
partition-default: /mail
admins: root cyrus
allowanonymouslogin: no
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain
cyrus.conf
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
# pop3 cmd="pop3d" listen="pop3" prefork=0
# pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
}
/etc/rc
/usr/cyrus/bin/master &
/usr/local/sbin/saslauthd -a pam &
/usr/libexec/postfix/master &
/etc/pam.d/imap
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
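The log excerpt in the post above can be joined into one record per failed login, which shows which layer rejected the password and which process ran the PAM stack. This is an added example, not part of the original post or of Cyrus; the function and field names are hypothetical, and it assumes that in a tag such as `imap(pam_unix)` the text before the parenthesis is the PAM service name.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Nov 10 20:02:01 fac-imap-test su(pam_unix)[28930]: session opened for user dchait by root(uid=0)
Nov 10 20:02:10 fac-imap-test imap(pam_unix)[28925]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=dchait
Nov 10 20:02:13 fac-imap-test saslauthd[28925]: do_auth : auth failure: [user=dchait] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Nov 10 20:02:13 fac-imap-test imapd[28975]: badlogin: localhost.localdomain[127.0.0.1] plaintext dchait SASL(-13): authentication failure: checkpass failed
Nov 10 20:02:27 fac-imap-test su(pam_unix)[28930]: session closed for user dchait
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<tag>[\w.-]+)"
                  r"(?:\((?P<module>\w+)\))?\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PAM_FAIL = re.compile(r"^authentication failure;.*\buser=(\S+)")
SASL_KV = re.compile(r"\[(\w+)=([^\]]*)\]")
BADLOGIN = re.compile(r"^badlogin: \S+\[([\d.]+)\] (\S+) (\S+) SASL\((-?\d+)\)")

def correlate(log):
    """Return {user: record}, joining the PAM, saslauthd and imapd failure lines."""
    users = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        tag, module, pid, msg = m["tag"], m["module"], int(m["pid"]), m["msg"]
        if module and (p := PAM_FAIL.match(msg)):
            # Assumption: the tag before "(pam_unix)" is the PAM service name,
            # i.e. the file consulted under /etc/pam.d/.
            users.setdefault(p[1], {}).update(pam_service=tag, pam_module=module, pam_pid=pid)
        elif tag == "saslauthd" and "auth failure" in msg:
            kv = dict(SASL_KV.findall(msg))
            users.setdefault(kv.get("user", "?"), {}).update(
                saslauthd_pid=pid, mech=kv.get("mech"), reason=kv.get("reason"))
        elif tag == "imapd" and (b := BADLOGIN.match(msg)):
            users.setdefault(b[3], {}).update(client_ip=b[1], imap_mech=b[2], sasl_code=int(b[4]))
    for rec in users.values():
        # Same PID on both lines means pam_unix ran inside saslauthd, not imapd.
        pid = rec.get("pam_pid")
        rec["pam_ran_in_saslauthd"] = pid is not None and pid == rec.get("saslauthd_pid")
    return users

if __name__ == "__main__":
    for user, rec in correlate(SAMPLE_LOG).items():
        print(user, rec)
```

On the lines from the post, the PAM failure and the saslauthd failure carry the same PID, so the rejection comes from the `imap` PAM stack as evaluated by saslauthd, and imapd only relays it as SASL(-13).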