cyrus-imap and pam_mysql (very strange, and doesn't want to work!)

Tony lists at switchout.com
Tue May 25 03:18:24 EDT 2004


Try changing:

auth sufficient

to

auth required



> I've been hacking at this for quite a bit.  A Google search has turned up
> some nice little tidbits, but nothing seems to be working.
>
> I have Cyrus-IMAPD set up, and the mysql auth is funky, to say the least.
> It seems that any user with any password can log in to the system!  Of
> course, only users with actual mailboxes can check anything.
>
> My /etc/pam.d/imap file:
>
> #
> # $FreeBSD: src/etc/pam.d/imap,v 1.5 2003/03/08 09:50:11 markm Exp $
> #
> # PAM configuration for the "imap" service
> #
>
>
> auth sufficient pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time
>
> account required pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time
>
>
> The output of /var/log/messages:
>
> May 25 02:25:34 cougar saslauthd[67928]: pam_sm_authenticate called.
> May 25 02:25:34 cougar saslauthd[67928]: dbuser changed.
> May 25 02:25:34 cougar saslauthd[67928]: dbpasswd changed.
> May 25 02:25:34 cougar saslauthd[67928]: host changed.
> May 25 02:25:34 cougar saslauthd[67928]: database changed.
> May 25 02:25:34 cougar saslauthd[67928]: table changed.
> May 25 02:25:34 cougar saslauthd[67928]: usercolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: passwdcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: crypt changed.
> May 25 02:25:34 cougar saslauthd[67928]: logtable changed.
> May 25 02:25:34 cougar saslauthd[67928]: logmsgcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: logusercolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: loghostcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: logpidcolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: logtimecolumn changed.
> May 25 02:25:34 cougar saslauthd[67928]: db_connect  called.
> May 25 02:25:34 cougar saslauthd[67928]: returning 0 .
> May 25 02:25:34 cougar saslauthd[67928]: db_checkpasswd called.
> May 25 02:25:34 cougar saslauthd[67928]: pam_mysql: where clause =
> May 25 02:25:34 cougar saslauthd[67928]: SELECT password FROM accountuser
> WHERE username='rls0001'
> May 25 02:25:34 cougar saslauthd[67928]: sqlLog called.
> May 25 02:25:34 cougar saslauthd[67928]: insert into log (msg, user, host,
> pid, time) values('AUTH SUCCESSFUL', 'rls0001', '', '67928', NOW())
> May 25 02:25:34 cougar saslauthd[67928]: Returning 0
> May 25 02:25:34 cougar saslauthd[67928]: returning 0 .
> May 25 02:25:34 cougar saslauthd[67928]: returning 0.
> May 25 02:25:34 cougar imap[67927]: login: hlpdsk.dsl.telerama.com
> [205.201.9.222] rls0001 plaintext User logged in
>
>
> The weird thing is, the password I used for this login was NOT the password
> I've assigned to the account!
>
> Fortunately, I'm in the testing-before-deployment phase; this is a serious
> potential security issue.
>
>
> The contents of /etc/imapd.conf:
>
> postmaster: postmaster
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> # admins: cyrus # no admins!
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN
> servername: imap.runningleopard.com
> autocreatequota: 10000
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> #dracinterval: 0
> #drachost: localhost
> sasl_pwcheck_method: saslauthd
> #sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> #sieve_maxscriptsize: 32
> #sieve_maxscripts: 5
> #unixhierarchysep: yes
>
> The whole auth process seems to be "broken".  Any help would be most
> appreciated.
>
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
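A check for the condition the reply above addresses: a service file whose auth stack contains no module that must succeed. This is an added example, not code from the thread or from the Cyrus or pam_mysql projects; the function names and the shortened sample file are constructed, and stacks that use include lines or bracketed controls are deliberately left unflagged.

```python
import re

# One rule per line: facility, control flag (plain word or [bracketed]), module.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# Control flags under which a module's failure does not by itself fail the stack.
NON_MANDATORY = {"sufficient", "optional"}

# Constructed sample modelled on the /etc/pam.d/imap file quoted above
# (module arguments shortened; PASSWORD is the placeholder used in the post).
SAMPLE_IMAP = """\
# PAM configuration for the "imap" service
auth sufficient pam_mysql.so user=mail passwd=PASSWORD db=mail crypt=1
account required pam_mysql.so user=mail passwd=PASSWORD db=mail crypt=1
"""


def parse_rules(text):
    """Yield (facility, control, module) for each rule in a pam.d service file."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        match = RULE.match(line.split("#", 1)[0].strip())  # drop comments
        if match:
            yield match.group(1).lower(), match.group(2).lower(), match.group(3)


def stacks_without_mandatory_module(text):
    """Return the facilities in which every rule is sufficient or optional.

    A facility containing an include, a bracketed control, or any
    required/requisite/binding rule is not reported.
    """
    stacks = {}
    for facility, control, _module in parse_rules(text):
        stacks.setdefault(facility, []).append(control)
    return sorted(
        facility
        for facility, controls in stacks.items()
        if all(control in NON_MANDATORY for control in controls)
    )


if __name__ == "__main__":
    for facility in stacks_without_mandatory_module(SAMPLE_IMAP):
        print(f"{facility}: no required/requisite/binding module in this stack")
```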

