PAM Auth with SASL 2.1.15

David Chait davidc at
Mon Nov 10 23:02:30 EST 2003

Hi All,
    I have a working Cyrus Imap 2.1.11 implimentation using SASL 2.1.10, which auths vs. local accounts via PAM. using the following configs, however due to RH's EOL in December we are being forced to migrate to RHEL 3 in about a month. I have a test box running RHL 9 (similar to RHEL 3), however I cannot seem to get the auth working with current stable Imap/Sasl. 


Nov 10 20:02:01 fac-imap-test su(pam_unix)[28930]: session opened for user dchait by root(uid=0)
Nov 10 20:02:10 fac-imap-test imap(pam_unix)[28925]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=dchait
Nov 10 20:02:13 fac-imap-test saslauthd[28925]: do_auth         : auth failure: [user=dchait] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Nov 10 20:02:13 fac-imap-test imapd[28975]: badlogin: localhost.localdomain[] plaintext dchait SASL(-13): authentication failure: checkpass failed
Nov 10 20:02:27 fac-imap-test su(pam_unix)[28930]: session closed for user dchait


configdirectory: /var/imap
partition-default: /mail
admins: root cyrus
allowanonymouslogin: no
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain


# standard standalone server implementation

  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"

# UNIX sockets start with a slash and are put into /var/imap/socket
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
#  pop3         cmd="pop3d" listen="pop3" prefork=0
#  pop3s                cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1

  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" period=1440

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" period=1440


/usr/cyrus/bin/master &
/usr/local/sbin/saslauthd -a pam &
/usr/libexec/postfix/master &


auth       required
auth       required service=system-auth
account    required service=system-auth
session    required service=system-auth

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list