what's your /etc/imapd.conf set to for sasl_pwcheck_method? what's your /etc/pam.d/imap set to?
we need to know those to help trouble shoot... but... if in /etc/imapd.conf reads... ... sasl_pwcheck_method: saslauthd .... and your /etc/pam.d/imap is: # begin auth required /lib/security/pam_stack.so service=system-auth account required /lib/secruity/pam_stack.so service=system-auth # end then you can try this: 1) make dchait a valid user on your system via useradd and give that user a password. 2) make sure saslauthd is running... 3) run: [root] # imtest -m login -a dchait -u dchait -r <hostname> <hostname> and that will test the shadow password checking... 4) run: [root] # saslpasswd2 -c dchait Password: <password> Again (for verification): <password> [root] # imtest -a dchait -u dchait -r <hostname> <hostname> and you should be able to authenticate in both circumstances. if you read the docs, the '-m login' bypasses the auth mechanism and goes straight for the shadow passes (AFAICS) Jeff > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of David Chait > Sent: Wednesday, May 15, 2002 9:37 PM > To: 'Michael Bacon'; 'Ken Murchison' > Cc: [EMAIL PROTECTED] > Subject: RE: PAM Authentication > > > May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait > service=imap realm= [PAM auth error] > > This is what I received using the saslauthd -a pam option (pam didn't > work at all). Any ideas? I can't seem to find a reference for this error > anywhere. > > -----Original Message----- > From: Michael Bacon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 15, 2002 6:08 PM > To: Ken Murchison; David Chait > Cc: [EMAIL PROTECTED] > Subject: Re: PAM Authentication > > Or, if you're in 2.0, > > sasl_pwcheck_method: pam > > should work fine. > > Michael > > --On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison > <[EMAIL PROTECTED]> > wrote: > > > What version of Cyrus? Assuming that you are using v2.1.x, set > > > > sasl_pwcheck_method: saslauthd > > > > and start saslauthd with the '-a pam' option. > > > > > > > > David Chait wrote: > >> > >> Greetings, > >> I am currently attempting to make Cyrus authenticate via a > PAM > >> library (like our Courier-IMAP system did), but have yet been > >> able to accomplish this. The following is my imapd.conf file and > >> cyrus.conf file. The MTA I am using is Postfix, but that seems to be > >> functional. > >> > >> Cheers, > >> David > >> > >> Imapd > >> > >> configdirectory: /var/imap > >> partition-default: /home/mail > >> admins: root cyrus > >> # srvtab: /var/imap/srvtab > >> allowanonymouslogin: no > >> sasl_pwcheck_method: pwcheck > >> > >> Cyrus > >> > >> # standard standalone server implementation > >> > >> START { > >> # do not delete this entry! > >> recover cmd="ctl_cyrusdb -r" > >> > >> # this is only necessary if using idled for IMAP IDLE > >> # idled cmd="idled" > >> } > >> > >> # UNIX sockets start with a slash and are put into /var/imap/socket > >> SERVICES { > >> # add or remove based on preferences > >> imap cmd="imapd" listen="imap" prefork=0 > >> imaps cmd="imapd -s" listen="imaps" prefork=0 > >> # pop3 cmd="pop3d" listen="pop3" prefork=0 > >> # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 > >> sieve cmd="timsieved" listen="sieve" prefork=0 > >> > >> # at least one LMTP is required for delivery > >> # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > >> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 > >> > >> # this is only necessary if using notifications > >> # notify cmd="notifyd" listen="/var/imap/socket/notify" > >> # proto="udp" > >> prefork=1 > >> } > >> > >> EVENTS { > >> # this is required > >> checkpoint cmd="ctl_cyrusdb -c" period=30 > >> > >> # this is only necessary if using duplicate delivery suppression > >> delprune cmd="ctl_deliver -E 3" period=1440 > >> > >> # this is only necessary if caching TLS sessions > >> tlsprune cmd="tls_prune" period=1440 > >> } > > > > -- > > Kenneth Murchison Oceana Matrix Ltd. > > Software Engineer 21 Princeton Place > > 716-662-8973 x26 Orchard Park, NY 14127 > > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp > > > > > > > >
