Solved: Virtual users setup

ogjunk-cyrus at yahoo.com ogjunk-cyrus at yahoo.com
Tue May 17 17:45:11 EDT 2005 

Note:

My solution, described below, is only a solution for "virtual users".
I still haven't found any docs/info about configuring Cyrus for
multiple "virtual domains".

Well, I found this:
http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html

But that seems to require me to have a machine with multiple IPs/NICs.

Can one configure Cyrus to handle multiple virtual domains on a machine
with just 1 IP?

Thanks,
Otis


--- ogjunk-cyrus at yahoo.com wrote:

> Here is my solution (plain text password passing only.....hm):
> 
> 1. /etc/imapd.conf:
> 
>    sasl_pwcheck_method: auxprop   # NOT saslauthd
>    sasl_mech_list: PLAIN
>    allowplaintext: yes
> 
> 2. service saslauthd stop         # saslauthd is not needed 
> 
> 3. /etc/pam.d/imap:
> 
> #%PAM-1.0
> auth       required     /lib/security/pam_stack.so
> service=system-auth
> #account   required     /lib/security/pam_stack.so
> service=system-auth
> ## the account line would require a real system/UNIX account
> ## the auth line lets me create "virtual users"
> 
> 4. create users / passwords in sasldb2:
> 
> # saslpasswd2 -c feedback
> Password:
> Again (for verification):
> 
> # sasldblistusers2
> feedback at localhost.localdomain: userPassword
> 
> 5. test username / password:
> 
> # /usr/lib/cyrus-imapd/imtest -a feedback -w PASSWORDHERE  localhost
> S: * OK localhost.localdomain Cyrus IMAP4
> v2.2.6-Invoca-RPM-2.2.6-2.FC3.6 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPES: C01 OK Completed
> C: L01 LOGIN feedback {12}
> S: + go ahead
> C: <omitted>
> S: L01 OK User logged in
> Authenticated.
> Security strength factor: 0
> C: Q01 LOGOUT
> Connection closed.
> 
> 
> 
> So that works without actually having "feedback" system user:
> 
> # finger feedback
> finger: feedback: no such user.
> 
> 
> Now ... this uses plain-text passwords, from what I understand.  I
> assume that refers to how they are stored in /etc/sasldb2 - Oh, yes,
> "strings /etc/sasldb2" shows them all very clearly! :(((
> 
> Hm, how does one go about encrypting that...
> 
> Thanks,
> Otis

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list