Cryus IMAP accepts any password! - Solved

Michuki Mwangi michuki at swiftkenya.com
Tue Mar 29 11:52:19 EST 2005 

Sorry i should have googled better :) I have found a similar post
earlier which had the solution to the problem. 

Thanks & apologies.

Regards,


On Tue, 2005-03-29 at 19:35, Michuki Mwangi wrote:
> Dear list members,
> 
> I seem to have the most bizarre situation on my new setup.
> 
> FreeBSD 5.3
> Cyrus-imap2 2.2.8
> Cyrus-saslauthd 2.1.19_1
> pam-mysql
> mysql 5.0.0.2
> Postfix - 2.1.4
> Squirrelmail - 1.4.3a
> 
> Setup and delivery is fine.I can check mail from the respective accounts
> created in mysql and cyradm with *ANY* PASSWORD!. in this case i have tried
> both through Webmail (Squirrelmail) and mail client.
> 
> I can see the following from messages log
> 
> Mar 29 19:16:23 mail pop3[868]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
> Mar 29 19:16:23 mail pop3[868]: login: [x.x.x.x] info PLAIN+TLS User logged in
> 
> I thought that my setup was wrong so i tried to debug by putting a wrong
> username or password or DB in the /etc/pam.d/pop and imap files
> 
> Well i can see that an sql error is generated in auth.log as follows.
> 
> Mar 29 19:15:25 mail saslauthd[569]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'
> Mar 29 19:15:32 mail saslauthd[565]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'
> 
> however am still able to check mail through the webclient or Kmail.
> 
> My /etc/pam.d/imap & pop files are as follows.
> # auth
> #auth           required        pam_nologin.so          no_warn
> #auth           sufficient      pam_krb5.so             no_warn try_first_pass
> #auth           sufficient      pam_ssh.so              no_warn try_first_pass
> #auth           required        pam_unix.so             no_warn try_first_pass
> auth sufficient pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail tabl
> e=accountuser usercolumn=username passwdcolumn=password crypt=0
> account required pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail tab
> le=accountuser usercolumn=username passwdcolumn=password crypt=0
> 
> imap.conf file has the following options uncommented from the default settings.
> 
> configdirectory: /var/imap
> partition-default: /home/mail
> allowanonymouslogin: no
> allowplaintext: yes
> timeout: 30
> poptimeout: 10
> admins: cyrus
> reject8bit: no
> sieveusehomedir: false
> sievedir: /home/sieve
> sendmail: /usr/sbin/sendmail
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN
> tls_cert_file:/var/imap/server.pem
> tls_key_file:/var/imap/key.pem
> tls_ca_file:/var/imap/server.pem
> tls_ca_file:/var/imap/server.pem
> #
> # EOF
> 
> Where am i  going wrong?
> 
> 
> Regards,
-- 
Michuki Mwangi
KENIC.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list