Authentication error
Ken Murchison
ken at oceana.com
Fri Jan 9 09:41:50 EST 2004
Christiano Anderson wrote:
> I am installing a Cyrus box with the following configuration:
>
> Machine: Dual Xeon 2GHz, 1Gb RAM
> System: Debian GNU/Linux 3.0, Cyrus 2.1 (Backported) and SASL2 (Backported)
> Authentication: LDAP
>
> I have created a cyrus user under LDAP directory and the PAM modules has
> been set up to lib_ldap.so. When I try a "testsaslauthd -u cyrus -p
> [hidden]" I get a Sucess status, however, a "cyradm -u cyrus localhost"
> doesn't work.
This is because cyradm will pick the most secure authentication
mechanism that the server advertises (e.g. DIGEST-MD5), and all of the
non-plaintext mechanisms require that you have the user's secret stored
in an auxprop plugin backend (e.g. sasldb). If you only want to use
plaintext passwords via saslauthd, set your imapd.conf options to:
sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd
Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would
allow you use any SASL mech with your LDAP installation.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list