Thanks Pascal --
I tried your config changes, but they didn't make any difference. Turns out
it was a compilation option that was set on my OpenLDAP installation - the
SASL in OpenLDAP was conflicting with the SASL in Cyrus. (See my other post
to the list for details...)
Now I'm playing with configs, and it appears that my /etc/pam.d/imap works
just the same as when I put your suggested changes in. But your version
looks much more robust, so I'm going to go with it. But I hate to just
blindly do stuff without understanding, so I was hoping you could shed a
little light (I'm a PAM newbie) on why you chose the PAM options as you did.
Again, thanks for your help!!!
--Josh
> -----Original Message-----
> From: Pascal Pucci [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 10:54 AM
> To: Joshua Penix; [EMAIL PROTECTED]
> Subject: Re: Cyrus/SASL/PAM/LDAP - what am I missing?
>
>
> > -----
> > #%PAM-1.0
> > auth sufficient /lib/security/pam_ldap.so
> > auth required /lib/security/pam_unix_auth.so
> try_first_pass
> > account sufficient /lib/security/pam_ldap.so
> > account required /lib/security/pam_unix_acct.so
> > -----
>
> try with :
>
> auth sufficient pam_ldap.so
> account sufficient pam_ldap.so
> password required pam_ldap.so debug
> session required pam_deny.so
