Configuring Cyrus IMAP for multiple domains (virtdomains problem)
ogjunk-cyrus at yahoo.com
ogjunk-cyrus at yahoo.com
Tue May 17 15:53:45 EDT 2005
Hello,
My authentication problem is in the saslauthd -> PAM part. I think I
need to configure PAM to use SASL and /etc/sasldb2 file to authenticate
users. It look like it is currently checking for UNIX username / pass:
May 17 15:48:13 localhost unix_chkpwd[28032]: check pass; user unknown
May 17 15:48:13 localhost imap(pam_unix)[28018]: authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=
May 17 15:48:15 localhost saslauthd[28018]: DEBUG: auth_pam:
pam_authenticate failed: Authentication failure
May 17 15:48:15 localhost saslauthd[28018]: do_auth : auth
failure: [user=feedback] [service=imap] [realm=my-domain.com]
[mech=pam] [reason=PAM auth error]
My /etc/pam.d/imap file looks like this:
# cat /etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
I looked at /lib/security/pam_*.so shared libs, but didn't see anything
with *sasl* in the name.
How should I configure PAM to use SASL and /etc/sasldb2? I think that
is what I need to do.
Thanks!
Otis
P.S.
Example of OK when UNIX account exists, and NO when it doesn't:
# man /usr/sbin/testsaslauthd
# /usr/sbin/testsaslauthd -u feedback -p XXX
0: OK "Success."
# userdel feedback
# /usr/sbin/testsaslauthd -u feedback -p XXX
0: NO "authentication failed"
--- ogjunk-cyrus at yahoo.com wrote:
> Hello,
>
> (I think this message got pushed down by the recent list spam, so I'm
> resending it, hoping it will catch somebody's attention)
>
> I'm trying to configure Cyrus IMAP (cyrus-imapd-2.2.6-2.FC3.6 -
> Fedora
> Code 3 package) to serve multiple domains. I have it accept email
> from
> Postfix when I don't use multiple (virtual) domains, but not with
> "virtdomains: yes" in /etc/imapd.conf.
>
> Here is what I have in /etc/imapd.conf:
>
> ... <standard stuff taken out> ...
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
>
> # OG: added
> virtdomains: on
> defaultdomain: my-domain.com
> unixhierarchysep: 1
> loginrealms: localdomain my-domain.com
>
> If I comment out the last 4 lines, then I _can_ create new mailboxes
> with cyradm (e.g. createmailbox user.otis.Trash). However, I need
> this
> server to serve email for multiple domains, so I need to be able to
> do
> "cm user/otis at my-domain.com")
>
> I've followed this:
>
> http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html
>
> But that results in this:
>
> cyradm -u cyrus localhost 143
> IMAP Password:
> localhost.localdomain> cm user.otis at my-domain.com
> createmailbox: Invalid mailbox name
>
> I also tried this:
>
> localhost.localdomain> cm user/otis at my-domain.com
> createmailbox: Invalid mailbox name
>
> I presume that's because Cyrus doesn't know about "my-domain.com".
> How
> do I tell it about "my-domain.com"?
>
> I also read this:
> http://www.phildev.net/cyrus/cyrus_sasl.html
>
> But that had a few errors, so I gave up around half of the job.
> Perhaps Cyrus and cyradm would know about "my-domain.com" if I called
> cyradm like this:
>
> cyradm -u cyrus my-domain.com 143
>
> ?
> I tried that, but my-domain.com domain is not really configured yet
> (DNS points to a different, old machine), so I can't really try that.
>
> Any help would be appreciated.
>
> Thanks,
> Otis
> P.S.
> Similar thread is here, but this doesn't seem to work for me:
>
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=35013
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list