Authentication (Total Confusion)
Mike's List
mikelist at sky.net
Tue Mar 23 19:08:09 EST 2004
My server is Solaris 9, Cyrus IMAP 2.2.3, SASL 2.1.17, Postfix 2.0.18
and Squirrelmail 1.4.2. I cannot seem to figure out how authentication
works between IMAPD and Squirrelmail, or authentication in general.

My imapd server is working (telnet to port 143, etc.). I can create users
with Cyrus IMAP. I can't seem to figure out how to achieve authentication
to IMAP. I compiled SASL with fsl/pam/login/ldap/mysql options set to 'yes'.

If I create a user 'test' via Unix with /etc/passwd & shadow and execute
saslauthd -a shadow, I can log in via Squirrelmail but receive an error
because Squirrelmail can't find the mailbox. If I create a user 'test'
under cyradm I can't log in via saslauthd -a
shadow/pam/login/ldap/rimap/getpwent. I'm not interested in saslauthd -a
shadow; if I understood Cyrus IMAP, you can create users' e-mail without
adding Unix accounts and use a different authentication scheme.

Below are my imapd.conf and saslauthd.conf. If I need to add certain
parameters, please specify which file(s) and an example; I'm not familiar
or experienced enough with SASL to comprehend "just add...parameters."

Thanks.
- Mike

imapd.conf
----------
# Warning: Do not use a trailing slash in paths!
configdirectory: /openpkg/var/imapd
partition-default: /home/imapd_users
admins: openpkg-r mike
defaultacl: openpkg-r lrswipcda
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sendmail: /openpkg/sbin/sendmail
lmtpsocket: /openpkg/var/imapd/socket/lmtp
unixhierarchysep: yes
#altnamespace: yes
allowanonymouslogin: no
allowplaintext: yes
servername: server01.rr.com
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
defaultdomain: rr.com
virtdomains: on
#virtdomains: off
#virtdomains: userid
saslauthd.conf
--------------
# white space separated list of LDAP servers
#ldap_servers: ldap://127.0.0.1
ldap_servers: ldap://192.168.2.3
# authentication for restricted LDAP servers
#ldap_bind_dn: cn=operator,ou=Profile,o=foo.com
#ldap_bind_pw: secret
# LDAP version to use (2|3)
#ldap_version 3
# LDAP timeout
#ldap_timeout 5
# LDAP aliases (search|find|always|never)
ldap_deref: never
# follow LDAP referrals ?
ldap_referrals: no
# restart LDAP I/O operations that fail ?
ldap_restart: yes
# search scope (sub|one|base)
#ldap_scope: sub
# starting point for a search
ldap_search_base: MUST-SPECIFY
# authenticate against LDAP (bind|custom|fastbind)
ldap_auth_method: bind
# Filter LDAP records, %u = username, %r = realm
# if ldap_auth_method is 'bind' the filter searches for the DN
# otherwise the filter searches for the userPassword attribute
#ldap_filter: uid=%u
# debugging LDAP operation
#ldap_debug 0
# require and verify server certificate
#ldap_tls_check_peer: no
#ldap_tls_cacert_file:
#ldap_tls_cacert_dir:
# list of SSL/TLS ciphers to allow
#ldap_tls_ciphers: DEFAULT
# files containing client certificate and key
#ldap_tls_cert:
#ldap_tls_key:
# my attempts
mechanisms="sasldb shadow pam ldap"
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
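
The two files quoted in the message can be read mechanically to show which component checks passwords and which lines are not usable settings. The Python below is an added example, not part of the original message or of the Cyrus project; the function names and the embedded excerpts are constructed for illustration, and it assumes only the `key: value` syntax visible in the quoted files.

```python
import re

# Constructed excerpts of the imapd.conf and saslauthd.conf quoted in the post.
IMAPD_CONF = """\
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
allowplaintext: yes
"""
SASLAUTHD_CONF = """\
ldap_servers: ldap://192.168.2.3
#ldap_bind_pw: secret
ldap_search_base: MUST-SPECIFY
ldap_auth_method: bind
mechanisms="sasldb shadow pam ldap"
"""
LINE = re.compile(r"^([A-Za-z0-9_-]+):\s*(.*)$")

def parse(text):
    """Return (settings, rejected) for a 'key: value' file; '#' starts a comment."""
    settings, rejected = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
        else:
            rejected.append((n, line))  # e.g. 'key=value' is not this syntax
    return settings, rejected

def review(imapd_text, saslauthd_text):
    imapd, _ = parse(imapd_text)
    sasl, rejected = parse(saslauthd_text)
    notes = []
    if imapd.get("sasl_pwcheck_method") == "saslauthd":
        notes.append("imapd hands password checks to saslauthd: the backend "
                     "chosen with -a needs a credential for each mailbox user")
    mechs = set(imapd.get("sasl_mech_list", "").upper().split())
    if imapd.get("allowplaintext") == "yes" and mechs and mechs <= {"PLAIN", "LOGIN"}:
        notes.append("only plaintext mechanisms with allowplaintext: yes; "
                     "passwords cross port 143 unencrypted unless TLS is used")
    for n, line in rejected:
        notes.append(f"saslauthd.conf line {n} is not 'key: value': {line}")
    for key, value in sasl.items():
        if value == "MUST-SPECIFY":
            notes.append(f"{key} still holds its placeholder value")
    return notes

if __name__ == "__main__":
    print("\n".join(review(IMAPD_CONF, SASLAUTHD_CONF)))
```
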