Authentication problem

Stephen Liu satimis at yahoo.com
Mon Jun 9 10:27:35 EDT 2008


Hi Simon,


- snip -

> > $ cat /etc/pam.d/imap
> > @include common-auth
> > @include common-account
> 
> Well, now you should provide us the common-auth and common-account
> configs.


$ locate common-auth
/etc/pam.d/common-auth
/usr/share/pam/common-auth
/usr/share/pam/common-auth.md5sums


$ cat /etc/pam.d/common-auth
auth    required        pam_unix.so nullok_secure


$ cat /usr/share/pam/common-auth
auth    required        pam_unix.so nullok_secure


$ sudo find / -name common-account
/etc/pam.d/common-account
/usr/share/pam/common-account


$ cat /etc/pam.d/common-account 
- snip -
account required        pam_unix.so


$ cat /usr/share/pam/common-account 
- snip -
account required        pam_unix.so


- snip -

> I have the feeling you should add this to your imapd.conf:
> 
> sasl_mech_list: PLAIN


$ cat /etc/imapd.conf | grep sasl_mech_list
#sasl_mech_list: PLAIN

Should I uncomment this line?  Thanks


B.R.
Stephen



> > then pressing [Ctrl]+c
> > ^@C: Q01 LOGOUT
> > Connection closed.
> >
> >
> >
> > B.R.
> > Stephen
> >
> >
> >> >
> >> > $ cat /etc/pam.conf
> >> > # ---------------------------------------------------------------------------#
> >> > # /etc/pam.conf                                                              #
> >> > # ---------------------------------------------------------------------------#
> >> > #
> >> > # NOTE
> >> > # ----
> >> > #
> >> > # NOTE: Most program use a file under the /etc/pam.d/ directory to setup their
> >> > # PAM service modules. This file is used only if that directory does not exist.
> >> > # ---------------------------------------------------------------------------#
> >> >
> >> > # Format:
> >> > # serv. module     ctrl       module [path]     ...[args..]                  #
> >> > # name  type       flag                                                      #
> >> >  * end *
> >> >
> >> >
> >> > What other file/files I have to check ?  Thanks.
> >> >
> >> >
> >> >
> >> > B.R.
> >> > Stephen
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >> > $ cat /etc/cyrus.conf
> >> >> > # Debian defaults for Cyrus IMAP server/cluster implementation
> >> >> > # see cyrus.conf(5) for more information
> >> >> > #
> >> >> > # All the tcp services are tcpd-wrapped. see hosts_access(5)
> >> >> > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $
> >> >> >
> >> >> > START {
> >> >> >         # do not delete this entry!
> >> >> >         recover         cmd="/usr/sbin/ctl_cyrusdb -r"
> >> >> >
> >> >> >         # this is only necessary if using idled for IMAP IDLE
> >> >> >         # this is NOT to be enabled right now in Debian builds
> >> >> >         #idled          cmd="idled"
> >> >> >
> >> >> >         # this is useful on backend nodes of a Murder cluster
> >> >> >         # it causes the backend to syncronize its mailbox list with
> >> >> >         # the mupdate master upon startup
> >> >> >         #mupdatepush   cmd="/usr/sbin/ctl_mboxlist -m"
> >> >> >
> >> >> >         # this is recommended if using duplicate delivery suppression
> >> >> >         delprune        cmd="/usr/sbin/ctl_deliver -E 3"
> >> >> >         # this is recommended if caching TLS sessions
> >> >> >         tlsprune        cmd="/usr/sbin/tls_prune"
> >> >> > }
> >> >> >
> >> >> > # UNIX sockets start with a slash and are absolute paths
> >> >> > # you can use a maxchild=# to limit the maximum number of forks of a service
> >> >> > # you can use babysit=true and maxforkrate=# to keep tight tabs on the service
> >> >> > # most services also accept -U (limit number of reuses) and -T (timeout)
> >> >> > SERVICES {
> >> >> >         # --- Normal cyrus spool, or Murder backends ---
> >> >> >         # add or remove based on preferences
> >> >> >         imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
> >> >> >         imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
> >> >> >         #pop3           cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
> >> >> >         #pop3s          cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
> >> >> >
> >> >> >
> >> >> >         #nntp           cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
> >> >> >         #nntps          cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
> >> >> >
> >> >> >         # At least one form of LMTP is required for delivery
> >> >> >         # (you must keep the Unix socket name in sync with imap.conf)
> >> >> >         #lmtp           cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
> >> >> >         lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
> >> >> >         # ----------------------------------------------
> >> >> >
> >> >> >         # useful if you need to give users remote access to sieve
> >> >> >         # by default, we limit this to localhost in Debian
> >> >> >         sieve           cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
> >> >> >
> >> >> >         # this one is needed for the notification services
> >> >> >         notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
> >> >> >
> >> >> >         # --- Murder frontends -------------------------
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> >         # ----------------------------------------------
> >> >> > }
> >> >> >
> >> >> > EVENTS {
> >> >> >         # this is required
> >> >> >         checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
> >> >> >
> >> >> >         # this is only necessary if using duplicate delivery suppression
> >> >> >         delprune        cmd="/usr/sbin/ctl_deliver -E 3" at=0401
> >> >> >
> >> >> >         # this is only necessary if caching TLS sessions
> >> >> >         tlsprune        cmd="/usr/sbin/tls_prune" at=0401
> >> >> > }
> >> >> >
> >> >> > admins: cyrus
> >> >> > unixhierarchysep: 1
> >> >> > * end *
> >> >> >
> >> >> >
> >> >> >
> >> >> > $ cat /etc/imapd.conf
> >> >> > # Debian Cyrus imapd.conf
> >> >> > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $
> >> >> > # See imapd.conf(5) for more information and more options
> >> >> >
> >> >> > # Configuration directory
> >> >> > configdirectory: /var/lib/cyrus
> >> >> >
> >> >> > # Which partition to use for default mailboxes
> >> >> > defaultpartition: default
> >> >> > partition-default: /var/spool/cyrus/mail
> >> >> >
> >> >> > # News setup
> >> >> > partition-news: /var/spool/cyrus/news
> >> >> > newsspool: /var/spool/news
> >> >> >
> >> >> > # Alternate namespace
> >> >> > # If enabled, activate the alternate namespace as documented in
> >> >> > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
> >> >> > # subfolders are in the same level as the INBOX
> >> >> > # See also userprefix and sharedprefix on imapd.conf(5)
> >> >> > altnamespace: no
> >> >> >
> >> >> > # UNIX Hierarchy Convention
> >> >> > # Set to yes, and cyrus will accept dots in names, and use the forward
> >> >> > # slash "/" to delimit levels of the hierarchy. This is done by converting
> >> >> > # internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
> >> >> > # mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
> >> >> > unixhierarchysep: yes
> >> >> >
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> > # Uncomment the following and add the space-separated users who
> >> >> > # have admin rights for all services.
> >> >> > admins: cyrus
> >> >> >
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> > # No anonymous logins
> >> >> > #allowanonymouslogin: no
> >> >> > allowanonymouslogin: yes
> >> >> >
> >> >> > # Minimum time between POP mail fetches in minutes
> >> >> > popminpoll: 1
> >> >> >
> >> >> > # If nonzero, normal users may create their own IMAP accounts by creating
> >> >> > # the mailbox INBOX.  The user's quota is set to the value if it is positive,
> >> >> > # otherwise the user has unlimited quota.
> >> >> > autocreatequota: 0
> >> >> >
> >> >> > # umask used by Cyrus programs
> >> >> > umask: 077
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> > # If enabled, cyrdeliver will look for Sieve scripts in user's home
> >> >> > # directories: ~user/.sieve.
> >> >> > sieveusehomedir: false
> >> >> >
> >> >> > # If sieveusehomedir is false, this directory is searched for Sieve scripts.
> >> >> > sievedir: /var/spool/sieve
> >> >> >
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> > # If enabled, the partitions will also be hashed, in addition to the hashing
> >> >> > # done on configuration directories. This is recommended if one partition has a
> >> >> > # very bushy mailbox tree.
> >> >> > hashimapspool: true
> >> >> >
> >> >> > # Allow plaintext logins by default (SASL PLAIN)
> >> >> > allowplaintext: yes
> >> >> >
> >> >> > # Force PLAIN/LOGIN authentication only
> >> >> > # (you need to uncomment this if you are not using an auxprop-based SASL
> >> >> > # mechanism.  saslauthd users, that means you!). And pay attention to
> >> >> > # sasl_minimum_layer and allowapop below, too.
> >> >> > #sasl_mech_list: PLAIN
> >> >> >
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> > # Do note that, since sasl will be run as user cyrus, you may have a lot of
> >> >> > # trouble to set this up right.
> >> >> > #sasl_pwcheck_method: auxprop
> >> >> > sasl_pwcheck_method: saslauthd
> >> >> >
> >> >> > # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
> >> >> > # by default, all plugins are tried (which is probably NOT what you want).
> >> >> > #sasl_auxprop_plugin: sasldb
> >> >> >
> >> >> > # If enabled, the SASL library will automatically create authentication secrets
> >> >> > # when given a plaintext password. Refer to SASL documentation
> >> >> > sasl_auto_transition: no
> >> >> >
> >> >> > #
> >> >> > # SSL/TLS Options
> >> >> > #
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> > # File containing one or more Certificate Authority (CA) certificates.
> >> >> > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
> >> >> >
> >> >> > # Path to directory with certificates of CAs.
> >> >> > tls_ca_path: /etc/ssl/certs
> >> >> >
> >> >> > # The length of time (in minutes) that a TLS session will be cached for later
> >> >> > # reuse.  The maximum value is 1440 (24 hours), the default.  A value of 0 will
> >> >> > # disable session caching.
> >> >> > tls_session_timeout: 1440
> >> >> >
> >> >> > # The list of SSL/TLS ciphers to allow, in decreasing order of precedence.
> >> >> > # The format of the string is described in ciphers(1).  The Debian default
> >> >> > # selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
> >> >> > # from the list (because they provide no defense against man-in-the-middle
> >> >> > # attacks).  It also orders the list so that stronger ciphers come first.
> >> >> > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
> >> >> >
> >> >> >
> >> >> > - snip -
> >> >> >
> >> >> >
> >> >> > ## KEEP THESE IN SYNC WITH cyrus.conf
> >> >> > ##
> >> >> > # Unix domain socket that lmtpd listens on.
> >> >> > lmtpsocket: /var/run/cyrus/socket/lmtp
> >> >> >
> >> >> > # Unix domain socket that idled listens on.
> >> >> > idlesocket: /var/run/cyrus/socket/idle
> >> >> >
> >> >> > # Unix domain socket that the new mail notification daemon listens on.
> >> >> > notifysocket: /var/run/cyrus/socket/notify
> >> >> >
> >> >> > # Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
> >> >> > syslog_prefix: cyrus
> >> >> >
> >> >> >
> >> >> > - snip -
> >> >> > * end *
> >> >> >
> >> >> >
> >> >> > B.R.
> >> >> > Stephen L
> >> >
> >> > ----
> >> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> >> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> >> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
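
Added example, not part of the original message or of the Cyrus project: a small Python check for the imapd.conf settings this thread turns on (sasl_pwcheck_method: saslauthd while sasl_mech_list is still commented out). The finding codes and the sample text are constructed for illustration.

```python
# Added example (not from the thread): lint imapd.conf for the SASL settings
# discussed above. Finding codes are names made up for this sketch.

# saslauthd receives a cleartext password, so it can only back these mechanisms.
SASLAUTHD_MECHS = {"PLAIN", "LOGIN"}
TRUE_VALUES = {"yes", "true", "on", "1", "t"}

# Constructed sample, cut down from the imapd.conf quoted in the thread.
SAMPLE = """\
# No anonymous logins
allowanonymouslogin: yes
allowplaintext: yes
#sasl_mech_list: PLAIN
#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd
"""


def parse_imapd_conf(text):
    """Return {option: value} for active lines; '#' lines are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def audit(opts):
    """Return a sorted list of finding codes for the parsed options."""
    findings = set()
    mechs = {m.upper() for m in opts.get("sasl_mech_list", "").split()}
    if opts.get("sasl_pwcheck_method", "").lower() == "saslauthd":
        if not mechs:
            # All installed mechanisms may be offered, including shared-secret
            # ones (CRAM-MD5, DIGEST-MD5) that saslauthd cannot verify.
            findings.add("MECH_LIST_UNSET")
        elif mechs - SASLAUTHD_MECHS:
            findings.add("MECH_NOT_SASLAUTHD")
    if opts.get("allowanonymouslogin", "").lower() in TRUE_VALUES:
        findings.add("ANON_LOGIN")
    if opts.get("allowplaintext", "").lower() in TRUE_VALUES:
        # Cleartext passwords are accepted on connections without TLS.
        findings.add("PLAINTEXT_ALLOWED")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(parse_imapd_conf(SAMPLE)))
```

Uncommenting sasl_mech_list: PLAIN in the sample clears MECH_LIST_UNSET; the other two findings come from allowanonymouslogin and allowplaintext being set to yes in the quoted file.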




More information about the Info-cyrus mailing list