Re: PAM (Red Hat) saslauthd, and Cyrus IMAP

From: Simon Matter (simon dot matter at ch dot sauter-bc dot com)
Date: Thu Mar 11 2004 - 00:55:23 EST

  • Next message: Andreas Winkelmann: "Re: 2.1.17 with mysql quirks"

    > I'm having trouble authenticating to Cyrus IMAP. After having problems
    > with salsdb2 and auxprop, I"m now trying to use saslauthd and pam so I
    > can use the users' password from NIS.
    >
    > I can authenticate as myself, the cyrus admin, and the mupdate user fine
    > with the cyradm command, but when I try to use imtest or connect from an
    > IMAP mail client, I get reject, with the following entries in
    > /var/log/auth.log
    >
    > Mar 10 15:40:18 pdb-mail-1 saslauthd[11318]: do_auth : auth
    > failure: [user=mupdate] [service=mupdate] [realm=] [mech=pam]
    > [reason=PAM auth error]
    > Mar 10 15:40:18 pdb-mail-1 mupdate[11091]: Password verification failed
    > Mar 10 15:40:50 pdb-mail-1 saslauthd[11319]: DEBUG: auth_pam:
    > pam_authenticate failed: Authentication failure
    > Mar 10 15:40:50 pdb-mail-1 saslauthd[11319]: do_auth : auth
    > failure: [user=mupdate] [service=mupdate] [realm=] [mech=pam]
    > [reason=PAM auth error]
    > Mar 10 15:40:50 pdb-mail-1 mupdate[11091]: Password verification failed
    > Mar 10 15:41:14 pdb-mail-1 saslauthd[11320]: DEBUG: auth_pam:
    > pam_authenticate failed: Authentication failure
    > Mar 10 15:41:14 pdb-mail-1 saslauthd[11320]: do_auth : auth
    > failure: [user=mupdate] [service=mupdate] [realm=] [mech=pam]
    > [reason=PAM auth error]
    > Mar 10 15:41:14 pdb-mail-1 mupdate[11091]: Password verification faile
    >
    > The relevant config files are below
    >
    >
    > --
    > Prentice Bisbal
    > Computer System Administrator
    > Protein Data Bank
    > Rutgers University
    >
    >
    > # more /etc/imapd.conf
    > configdirectory: /var/lib/imap
    > partition-default: /var/cyrus/spool/imap
    > admins: cyrus mupdate
    > sievedir: /var/cyrus/lib/imap/sieve
    > sendmail: /usr/sbin/sendmail
    > hashimapspool: true
    > #sasl_pwcheck_method: auxprop
    > sasl_pwcheck_method: saslauthd
    > sasl_mech_list: PLAIN
    > tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
    > tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
    > tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
    > mupdate_config: replicated
    > mupdate_server: pdb-mupdate.rutgers.edu
    > mupdate_username: mupdate
    > mupdate_authname: mupdate
    > mupdate_password: XXXXXXXX
    >
    > # more /etc/sysconfig/saslauthd
    > MECH=pam
    > FLAGS="-n=5"
    >
    > more /etc/pam.d/imap
    > #%PAM-1.0
    > auth required pam_stack.so service=system-auth
    > account required pam_stack.so service=system-auth

    You need /etc/pam.d/mupdate usually with the same config than
    /etc/pam.d/imap.

    HTH
    Simon

    >
    >
    >
    >


  • Next message: Andreas Winkelmann: "Re: 2.1.17 with mysql quirks"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD