cyrus_sasl 2.1.26 to 2.1.27 upgrade changed PAM behavior?
Patrick Goetz
pgoetz at mail.utexas.edu
Thu Mar 21 09:59:19 EDT 2019
This is more of a curiosity question than a problem, as I finally
figured out why authentication stopped working on my cyrus-imapd 2.5.12
server.
I use sasl in PAM mode: /usr/sbin/saslauthd -a pam
A recent Arch linux system upgrade broke authentication on my email
server. The only related change was cyrus_sasl was updated from 2.1.26
to 2.1.27. After eliminating virtually every other possibility I
finally tracked this down to the PAM configuration file for cyrus-imapd.
The previous file (perhaps incorrectly) was simply this:
auth sufficient pam_unix.so
auth required pam_deny.so
I changed this to
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_unix.so
which fixed the problem. I can understand the account entry being
necessary for sasl authentication, but what I can't understand is why it
was not necessary for 2.1.26, but subsequently necessary for 2.1.27 --
what changed that led to this?
More information about the Info-cyrus
mailing list