anthentication problem
Guillaume Nadot
gnadot at cirb.irisnet.be
Fri Sep 7 09:56:11 EDT 2007
Dear list,
The problem is that I cannot use the email address of the user to perform
their logins.
Let me explain :
I have succesfully setup cyrus with virtual domains,
I use sasl with pam for the authentication,
pam use ldap and use the email adress of the user as pam_login_attribute (
pam_login_attribute mail in /etc/ldap.conf ).
When I run the command testsaslauthd -u bill at truc.com -p password, it returns
0: OK "Success."
When I want to perform a login on cyrus, it fails here is the log :
Sep 7 15:50:40 imaptest pop3[5130]: badlogin: [192.168.34.208] plaintext
bill at truc.com SASL(-13): authentication failure: checkpass failed.
If I try to log on cyrus using bill at truc.com@truc.com, I can see this in the
logs :
Sep 7 15:52:30 imaptestfrontend1 pop3[5135]: login: [192.168.34.208]
bill at truc.com@truc.com plaintext User logged in
Sep 7 15:52:33 imaptestfrontend1 pop3[5135]: Unable to locate maildrop
truc.com!: Invalid mailbox name
The problem seems to be that when the user tries to authenticate, cyrus splits
the login in two parts : the username and the domain, and tries to
authenticate the user only with the local part of the mail adress.
Is there anyway to telle cyrus not to split the login when passing the
username to sasl ?
I'm using cyrus-imapd 2.3.7. on a RedHat 5 EL.
Here is my imapd.conf :
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
virtdomains: userid
Thanks,
--
Guillaume Nadot
System engineer
CIRB - CIBG
More information about the Info-cyrus
mailing list