saslauthd question
Surely someone on this list will know the answer to this question. Given

sasl_pwcheck_method: saslauthd, with authentication mechanism=pam

I'm trying to track down how saslauthd knows that the cyrus PAM service file is called imap; i.e. /etc/pam.d/imap. Is this just built in? I can't find a configuration for it anywhere.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: saslauthd question
On 12/11/2014 02:34 PM, Patrick Goetz wrote:
> Surely someone on this list will know the answer to this question. Given
>
> sasl_pwcheck_method: saslauthd, with authentication mechanism=pam
>
> I'm trying to track down how saslauthd knows that the cyrus PAM service file is called imap; i.e. /etc/pam.d/imap. Is this just built in? I can't find a configuration for it anywhere.

Hardcoded in imapd.c

if (sasl_server_new(imap, config_servername

Re: saslauthd question
On Thu, 11 Dec 2014, Patrick Boutilier wrote:
> On 12/11/2014 02:34 PM, Patrick Goetz wrote:
> > Surely someone on this list will know the answer to this question. Given
> >
> > sasl_pwcheck_method: saslauthd, with authentication mechanism=pam
> >
> > I'm trying to track down how saslauthd knows that the cyrus PAM service file is called imap; i.e. /etc/pam.d/imap. Is this just built in? I can't find a configuration for it anywhere.
>
> Hardcoded in imapd.c
>
> if (sasl_server_new(imap, config_servername

I thought the PAM name was taken from the service name in /etc/cyrus.conf, but my own configuration seems to indicate that it must be hardcoded for each service. I only have PAM files for imap, lmtp, and sieve although I have other service names for some of them.

I guess it's just the imapd.conf config variables that are allowed to be prefixed with the service name.

Andy

Re: saslauthd question
On 12/11/14 12:34 -0600, Patrick Goetz wrote:
> Surely someone on this list will know the answer to this question. Given
>
> sasl_pwcheck_method: saslauthd, with authentication mechanism=pam
>
> I'm trying to track down how saslauthd knows that the cyrus PAM service file is called imap; i.e. /etc/pam.d/imap. Is this just built in? I can't find a configuration for it anywhere.

saslauthd receives the service name via the unix domain socket protocol exchange - see the OVERVIEW section in saslauthd-main.c. The glue layer (libsasl2) provides the service name to saslauthd based on what it's given in the call to sasl_server_new (See the manpage).

Cyrus imapd hard codes the service names, and they are not configurable. Grep through the cyrus imap source for that function call to determine which pam file to configure for each service.

--
Dan White

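The exchange Dan White describes, as an added example that is not part of the original thread or of the Cyrus source: it builds a saslauthd-style request and reads the service field back out to name the PAM file it selects. It assumes the counted-string framing used on the saslauthd socket (four fields, each a 2-byte network-order length plus bytes, in the order login, password, service, realm); build_request and pam_file_for_request are hypothetical helper names, and the slash check is an added hardening step.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append one counted string (2-byte big-endian length + bytes); 0 = no room. */
static size_t put_field(uint8_t *buf, size_t off, size_t cap, const char *s) {
    size_t n = strlen(s);
    if (n > 0xFFFF || off + 2 + n > cap) return 0;
    buf[off] = (uint8_t)(n >> 8); buf[off + 1] = (uint8_t)(n & 0xFF);
    memcpy(buf + off + 2, s, n);
    return off + 2 + n;
}

/* Read one counted string into out, NUL-terminated; 0 = truncated or too long. */
static size_t get_field(const uint8_t *buf, size_t off, size_t len,
                        char *out, size_t outcap) {
    if (off + 2 > len) return 0;
    size_t n = ((size_t)buf[off] << 8) | buf[off + 1];
    if (off + 2 + n > len || n + 1 > outcap) return 0;
    memcpy(out, buf + off + 2, n);
    out[n] = '\0';
    return off + 2 + n;
}

/* Assumed field order: login, password, service, realm. Returns length or 0. */
size_t build_request(uint8_t *buf, size_t cap, const char *login,
                     const char *pw, const char *service, const char *realm) {
    const char *f[4] = { login, pw, service, realm };
    size_t off = 0;
    for (int i = 0; i < 4; i++)
        if ((off = put_field(buf, off, cap, f[i])) == 0) return 0;
    return off;
}

/* Pull out the third field (service) and name the PAM file it selects. */
int pam_file_for_request(const uint8_t *req, size_t len, char *path, size_t cap) {
    char field[256];
    size_t off = 0;
    for (int i = 0; i < 3; i++)
        if ((off = get_field(req, off, len, field, sizeof field)) == 0) return -1;
    /* Added hardening check: refuse names that could leave /etc/pam.d. */
    if (field[0] == '\0' || strchr(field, '/')) return -1;
    int w = snprintf(path, cap, "/etc/pam.d/%s", field);
    return (w > 0 && (size_t)w < cap) ? 0 : -1;
}
int main(void) {
    uint8_t req[128]; char path[64];
    /* Constructed sample request; "imap" is the service name from the thread. */
    size_t n = build_request(req, sizeof req, "alice", "example-password", "imap", "");
    if (n && pam_file_for_request(req, n, path, sizeof path) == 0) puts(path);
    return 0;
}
```
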
Re: saslauthd question
On 12/11/2014 12:45 PM, Andrew Morgan wrote:
> I only have PAM files for imap, lmtp, and sieve although I have other service names for some of them.

I don't understand why you have PAM files for lmtp and sieve, but most particularly lmtp. lmtpd is just a local daemon that transfers stuff from your smtp server to cyrus. Are you running cyrus and smtpd on different servers? If so, what does the PAM lmtp configuration look like?

I don't know anything about sieve, but thought the filters were all internal, too; hence not in need of authentication.

Re: saslauthd question
> On 12/11/2014 12:45 PM, Andrew Morgan wrote:
> > I only have PAM files for imap, lmtp, and sieve although I have other service names for some of them.
>
> I don't understand why you have PAM files for lmtp and sieve, but most particularly lmtp. lmtpd is just a local daemon that transfers stuff from your smtp server to cyrus. Are you running cyrus and smtpd on different servers? If so, what does the PAM lmtp configuration look like?

If you do lmtp over the network, you may want to authenticate who can deliver mails. Otherwise you can just use lmtpd -a if the environment is considered secure.

> I don't know anything about sieve, but thought the filters were all internal, too; hence not in need of authentication.

Sieve rules have to be managed per user, and therefore you need authentication. The server itself doesn't need to auth anything to run the filters.

Regards,
Simon

Re: saslauthd question
On Thu, 11 Dec 2014, Patrick Goetz wrote:
> On 12/11/2014 12:45 PM, Andrew Morgan wrote:
> > I only have PAM files for imap, lmtp, and sieve although I have other service names for some of them.
>
> I don't understand why you have PAM files for lmtp and sieve, but most particularly lmtp. lmtpd is just a local daemon that transfers stuff from your smtp server to cyrus. Are you running cyrus and smtpd on different servers? If so, what does the PAM lmtp configuration look like?
>
> I don't know anything about sieve, but thought the filters were all internal, too; hence not in need of authentication.

We have multiple smtp servers that accept incoming mail plus we run a Cyrus Murder cluster. There is a lot of lmtp over the network happening. :)

The PAM configuration for lmtp, sieve, and imap is identical (auth against LDAP).

Andy