Using PAM

From: Phil Dibowitz (no email)
Date: Sat Jun 08 2002 - 19:04:28 EDT


Hey all,

My test environment is using pure SASL. I'd like to now expand it to use
PAM->MySQL.

I've installed pam-mysql, and my /etc/pam.d/imap looks like:

auth sufficient pam_mysql.so user=mail passwd=mailpasswd host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
account required pam_mysql.so user=mail passwd=mailpasswd host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0

Where 'mailpasswd' has been replaced for the actual password I'm using for the
mysql 'mail' user.

First question... is there a way here to specify that mysql is listening on a
unix socket and not a TCP/IP port? While I modified my mysql server to use a
port for testing purposes I'd like to just use a local unix socket eventually.
Anyway, that's not the problem...

I then have my imapd.conf file like this:
...
allowanonymouslogin: no
allowplaintext: yes
sasl_passwd_check: pam
sasl_auto_transition: yes

I'm using the table names that web-cyradm uses, but I'm not (yet?) using
web-cyradm.

I've added a user to the accountuser table and then cleared that user from
sasldb (with saslpasswd -d), but I'm getting 'user not found' from imap. I'm
assuming it's simply not using PAM, and is just using sasldb, but I'm not
quite sure why. auth.log and imapd.log aren't very helpful at this point, and
I'm trying to find a way to figure out if cyrus is actually using pam/mysql,
I'm pretty sure it's not... Any pointers would be appreciated. Thanks.

Phil

-- 
"They that can give up essential liberty to obtain a little temporary safety 
deserve neither liberty nor safety."
-Benjamin Franklin, 1759
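
Added example, not part of the original post or of pam-mysql: a small parser for a PAM service file like the /etc/pam.d/imap above that reports pam_mysql rules carrying the database password inline or using crypt=0, and masks passwd= values before the file is shared. The function names and finding labels are hypothetical, the sample input is constructed from the post, and the reading of crypt=0 as a plaintext password comparison is an assumption taken from pam_mysql's documentation.

```python
import os
import re

# Constructed sample: the two rules from the post, each on one line,
# with the same placeholder password the poster used.
_ARGS = ("user=mail passwd=mailpasswd host=localhost db=mail table=accountuser "
         "usercolumn=username passwdcolumn=password crypt=0")
SAMPLE = f"auth sufficient pam_mysql.so {_ARGS}\naccount required pam_mysql.so {_ARGS}\n"

def parse_pam_service(text):
    """Parse /etc/pam.d/<service> text into rule dicts."""
    rules = []
    # A trailing backslash continues a rule on the next line.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and fields[1].startswith("["):
            # Bracketed control such as [success=1 default=ignore] contains spaces.
            end = next((i for i, f in enumerate(fields) if f.endswith("]")), 1)
            fields[1:end + 1] = [" ".join(fields[1:end + 1])]
        if len(fields) < 3:
            continue  # blank, comment-only or malformed line
        args = {}
        for tok in fields[3:]:
            key, sep, val = tok.partition("=")
            args[key] = val if sep else True  # bare flags (no "=") map to True
        rules.append({"type": fields[0], "control": fields[1],
                      "module": os.path.basename(fields[2]), "args": args})
    return rules

def audit(rules):
    """Return (rule_number, finding) pairs for pam_mysql rules."""
    findings = []
    for n, rule in enumerate(rules, 1):
        if rule["module"] != "pam_mysql.so":
            continue
        if "passwd" in rule["args"]:
            findings.append((n, "db-password-inline"))
        if rule["args"].get("crypt") == "0":  # assumption: 0 = plaintext compare
            findings.append((n, "plaintext-password-column"))
    return findings

def redact(text):
    """Mask passwd= values before the file is pasted into a list post or ticket."""
    return re.sub(r"(?<!\w)passwd=\S+", "passwd=<redacted>", text)

if __name__ == "__main__":
    for n, finding in audit(parse_pam_service(SAMPLE)):
        print(f"rule {n}: {finding}")
    print(redact(SAMPLE), end="")
```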






