From: Lumpkin, Buddy (no email)
Date: Mon Jul 16 2001 - 21:04:31 EDT
Ok, so right after sending that message I actuall thought about what I was asking ...
I looked in the /etc/pam.conf file and noticed that the services were listed by name (duh)... then I trussed the imapd process and found that it was looking in the pam.conf file for a matching line. So I added one like this:
imap auth required /usr/lib/security/$ISA/pam_unix.so.1
Still permission denied, but I notice that now the truss output showes that the open() call was returning EACCESS so as a troubleshooting measure I added read for user and other to /etc/shadow and it works now :)
So now my question is ... What is considered a good practice (security wise) for configuring PAM authentication for cyrus imapd? Should I add cyrus to the sys group and make /etc/shadow group readable?
--Buddy
-----Original Message-----
From: Lumpkin, Buddy
Sent: Monday, July 16, 2001 5:51 PM
To:
Subject: How do I enable PAM authentication in Solaris?
Hello All,
I have configured cyrus-imapd-2.0.14 and cyrus-sasl-1.5.24 on Solaris 8 and they work great with sasldb for authentication. I assumed that I could just edit the line:
sasl_pwcheck_method: sasldb
in /etc/imapd.conf and /usr/lib/sasl/cyrus.conf and change it so that it says:
sasl_pwcheck_method: PAM
Part of that assumption is that PAM authentication will automatically try to authenticate with the libraries listed in /etc/pam.conf under login or other?
This is not working though :(
Are my assumptions correct?
Thanks in advance,
--Buddy
|
|
|