Cryus IMAP accepts any password!
Michuki Mwangi
michuki at swiftkenya.com
Tue Mar 29 11:35:04 EST 2005
Dear list members,
I seem to have the most bizarre situation on my new setup.
FreeBSD 5.3
Cyrus-imap2 2.2.8
Cyrus-saslauthd 2.1.19_1
pam-mysql
mysql 5.0.0.2
Postfix - 2.1.4
Squirrelmail - 1.4.3a
Setup and delivery is fine.I can check mail from the respective accounts
created in mysql and cyradm with *ANY* PASSWORD!. in this case i have tried
both through Webmail (Squirrelmail) and mail client.
I can see the following from messages log
Mar 29 19:16:23 mail pop3[868]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
Mar 29 19:16:23 mail pop3[868]: login: [x.x.x.x] info PLAIN+TLS User logged in
I thought that my setup was wrong so i tried to debug by putting a wrong
username or password or DB in the /etc/pam.d/pop and imap files
Well i can see that an sql error is generated in auth.log as follows.
Mar 29 19:15:25 mail saslauthd[569]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'
Mar 29 19:15:32 mail saslauthd[565]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'
however am still able to check mail through the webclient or Kmail.
My /etc/pam.d/imap & pop files are as follows.
# auth
#auth required pam_nologin.so no_warn
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
#auth required pam_unix.so no_warn try_first_pass
auth sufficient pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail tabl
e=accountuser usercolumn=username passwdcolumn=password crypt=0
account required pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail tab
le=accountuser usercolumn=username passwdcolumn=password crypt=0
imap.conf file has the following options uncommented from the default settings.
configdirectory: /var/imap
partition-default: /home/mail
allowanonymouslogin: no
allowplaintext: yes
timeout: 30
poptimeout: 10
admins: cyrus
reject8bit: no
sieveusehomedir: false
sievedir: /home/sieve
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
tls_cert_file:/var/imap/server.pem
tls_key_file:/var/imap/key.pem
tls_ca_file:/var/imap/server.pem
tls_ca_file:/var/imap/server.pem
#
# EOF
Where am i going wrong?
Regards,
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list