Cyrus IMAP accepts any password!

Michuki Mwangi michuki at swiftkenya.com
Tue Mar 29 11:35:04 EST 2005


Dear list members,

I seem to have the most bizarre situation on my new setup.

FreeBSD 5.3
Cyrus-imap2 2.2.8
Cyrus-saslauthd 2.1.19_1
pam-mysql
mysql 5.0.0.2
Postfix - 2.1.4
Squirrelmail - 1.4.3a

Setup and delivery are fine. I can check mail from the respective accounts
created in mysql and cyradm with *ANY* PASSWORD! In this case I have tried
both through Webmail (Squirrelmail) and a mail client.

I can see the following in the messages log:

Mar 29 19:16:23 mail pop3[868]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
Mar 29 19:16:23 mail pop3[868]: login: [x.x.x.x] info PLAIN+TLS User logged in

I thought that my setup was wrong, so I tried to debug by putting a wrong
username or password or DB in the /etc/pam.d/pop and imap files.

Well, I can see that an SQL error is generated in auth.log as follows.

Mar 29 19:15:25 mail saslauthd[569]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'
Mar 29 19:15:32 mail saslauthd[565]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'

However, I am still able to check mail through the web client or KMail.

My /etc/pam.d/imap & pop files are as follows.
# auth
#auth           required        pam_nologin.so          no_warn
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
#auth           required        pam_unix.so             no_warn try_first_pass
auth sufficient pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
account required pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0

imap.conf file has the following options uncommented from the default settings.

configdirectory: /var/imap
partition-default: /home/mail
allowanonymouslogin: no
allowplaintext: yes
timeout: 30
poptimeout: 10
admins: cyrus
reject8bit: no
sieveusehomedir: false
sievedir: /home/sieve
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
tls_cert_file:/var/imap/server.pem
tls_key_file:/var/imap/key.pem
tls_ca_file:/var/imap/server.pem
tls_ca_file:/var/imap/server.pem
#
# EOF

Where am I going wrong?


Regards,

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
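
Added example, not part of the original post and not code from Cyrus, saslauthd or pam_mysql: a small Python audit that reads a pam.d service file like the one quoted above and reports, per facility, whether the chain contains any module whose failure is fatal to the chain (required, requisite or binding). The function names and verdict strings are invented for this example, and it rests on the assumption that a chain made up only of sufficient or optional modules deserves a flag, because what such a chain returns when its module errors out is left to the PAM implementation.

```python
import re

# Control flags whose failure is fatal to the chain.
FATAL = {"required", "requisite", "binding"}
# facility, control (plain word or Linux-PAM [..] form), module path
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Return active (facility, control, module) tuples from a pam.d file."""
    entries = []
    # Join backslash-continued lines, then strip comments before matching.
    for raw in text.replace("\\\n", " ").splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            entries.append((m.group(1).lower(), m.group(2).lower(), m.group(3)))
    return entries

def audit(text, facilities=("auth", "account")):
    """Classify each facility's chain (verdict names are this example's own)."""
    result = {}
    entries = parse_pam(text)
    for fac in facilities:
        controls = [c for f, c, _ in entries if f == fac]
        if not controls:
            result[fac] = "empty"
        elif any(c in FATAL for c in controls):
            result[fac] = "has-fatal-module"
        elif any(c == "include" or c.startswith("[") for c in controls):
            result[fac] = "review"  # depends on an included file or custom actions
        else:
            result[fac] = "no-fatal-module"  # only sufficient/optional modules
    return result

# Constructed from the file quoted in the post (credentials already masked there).
POSTED = """\
# auth
#auth           required        pam_nologin.so          no_warn
#auth           required        pam_unix.so             no_warn try_first_pass
auth sufficient pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
account required pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
"""

if __name__ == "__main__":
    for facility, verdict in audit(POSTED).items():
        print(f"{facility}: {verdict}")
```

A "has-fatal-module" verdict only says that some module's failure can fail the chain; it does not check module order or the options passed to the module.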
