Cyrus Imap plaintext authentication with saslauth & PAM

Dan White dwhite at
Thu Apr 23 15:21:08 EDT 2009

Kővári János wrote:
> I have a postfix relay server and a (local) cyrus imap server on the 
> same machine. Everything was fine until I thought, I change the imap 
> authentication from sasldb to saslauth, to have global authentication 
> on postfix and cyrus.
> Postfix uses saslauthd, which is configured for PAM. It works 
> perfectly, with plain/login/cram/digest mechanisms, with or without 
> tls/ssl, absolutely no problems with it. Saslauth tests are all fine 
> obviously.
> So I decided to use this with cyrus imap too. Set it to use the same 
> saslauth daemon, and plain, login, cram-md5 and digest-md5 mechs.
> Since then, I can not login with plain or login mechs, because they 
> aren't being offered at all by cyrus imapd. I can login with cram or 
> digest fine.
> I understand that plain login isn't offered by default, only after a 
> successfull tls session setup, but if I understand correctly, the 
> "allowplaintext: yes" option should still force imapd to offer plain 
> logins. But it doesn't. I tried it with different sasl_min|max_levels, 
> to no avail.
> This is the first thing I don't understand.
> The second is: after establishing a tls or ssl connection, plain and 
> login are offered, but I can not login with these mechs.
> (I'm using imtest to test it all.)
> However, with "testsaslauth", I am able to authenticate fine.
> I'm quite new to cyrus and linux systems, but I read all kinds of 
> manuals and FAQs nd documentation, and googled a lot, but I was unable 
> to find the culprit. So you are my last hope.
> If nothing else works, I leave it as is, with digest and cram it works 
> and it's more secure. Or I go back to sasldb, which is less 
> comfortable for me...

Please include the following information, so we can get a better idea of 
your setup:

Postfix and Cyrus IMAP version
Postfix SASL config:
  grep sasl
  cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf it located on 
your system)

Your cyrus imap.conf config

saslauthd does not support cram-md5 or digest-md5, so you may be (also) 
using the sasldb auxprop in Postfix.

- Dan

More information about the Info-cyrus mailing list