Cyradm Tool Authentication Question (PAM vs. Sasldb2)

Walton, Bryan bryan-walton at uiowa.edu
Wed Feb 6 12:51:29 EST 2008


I'm running Cyrus IMAP 2.2.13.  In my imapd.conf, I've set the line:
sasl_pwcheck_method: saslauthd

I've configured saslauthd with:
MECHANISMS="pam"

And I've configured pam to work with my LDAP servers.  This all seems to work great for user authentication to IMAP accounts, and I'm happy with that.

I've read in other places online that when using the cyradm tool (as user cyrus), that when prompted for the IMAP password, this will only authenticate against the SASL database, in spite of my configuration settings above.  Is this correct?  I ask because it doesn't seem so in practice. I've created a password entry in sasldb2 for the user cyrus, using saslpasswd2.  However, if I become the cyrus user and then issue the following command:

cyradm --user cyrus localhost

my authentication fails.  My logs report that my LDAP directory didn't find a cyrus user (which is true of course, because I haven't yet created one in LDAP).

So, in sum, is it possible to configure my IMAP server as I have done, yet still have cyradm only authenticate via a local password stored in sasldb2?  If I have to create a cyrus user in my LDAP directory, I can.  But I would prefer not.

Thanks!
Bryan Walton