Authentication (Total Confusion)

[Mike's List]

On Wed, 24 Mar 2004, Rob Siemborski wrote:

> On Wed, 24 Mar 2004, Mike's List wrote:
> 
> > > Wait -- are you using sasldb, saslauthd with the rimap backend, or shadow
> > > password authentication (or some combination)?
> >
> > I'm using saslauthd, but saslauthd -a shows the below options,
> > uthentication mechanisms: getpwent pam rimap shadow ldap
> 
> If you're using saslauthd, that implies you know what backend you are
> using...  Have you read the manpage which describes them?

So saslauthd acts like a "connector" to PAM, LDAP, or some sort of backend
database for authentication?  I read the man pages of saslauthd but got
lost between "plaintext, shadow and SASL librbary."  So if I'm going to run
saslauthd, I need to run PAM or OPENLDAP as the backend database?
 
> > > You almost certainly do not want the rimap backend, unless you are doing
> > > something very specific.
> >
> > I'm assuming I don't want shadow, I haven't installed pam or openldap so
> > pam/ldap is out.  I tried getpwent, rimap and both did not work.  Is sasldb
> > the recommended and default backend authentication dbase?  I can't find it
> > or know how to access to use authentication.  (I tried all mechanisms and
> > none worked.)
> 
> If you are using sasldb, then you are *not* using saslauthd (or, atleast,
> you really really shouldn't be).  You need to set sasl_pwcheck_method:
> auxprop in your imapd.conf.

I modified imapd.conf with the auxprop, reload imapd, make sure saslauthd
is not running.  I make certain the user is listed with the command
sasldblistusers2 (create by saslpasswd2) and the entry is there.  But I
can't still authenticate via Squirrelmail or using imtest (keeps getting
failure: SASL initialization).


- Mike


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html