Thanks for pointing out my typo. I had meant to use the sasl_pwcheck_method, and I see why having that and the entry in Cyrus.conf would be redundant.

We are still having the same authentication issues. I meant to mention that we are running under Solaris 8. The entries I have in the /etc/pam.conf are

imap auth sufficient /usr/lib/security/pam_method1.so.1
imap auth required /usr/lib/security/pam_method2.so.1

We don't reference the pam_unix.so.1 for attempts to authenticate with local users when connecting to imap. Yet, when I trussed the saslauthd process for the one valid login that can be done (user cyrus), the output showed that pam_unix.so.1 was being opened, and it read the /etc/shadow file. I can only assume it used it for authenticating that user. The cyrus user is the only user capable of being authenticated via all 3 methods.

_______
Russell Gnann
UNIX Systems Administrator
Andrx Corp.

-----Original Message-----
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 2:58 PM
To: Russell Gnann
Cc: '[EMAIL PROTECTED]'
Subject: Re: Errors using PAM and saslauthd

Russell Gnann wrote:
>
> Hi,
>
> I am having some authentication issues using saslauthd -a pam. The
> errors that show up in the message log when a login attempt is made
> are
>
> imapd[13427]: [ID 702911 auth.error] auxpropfunc error -4
> imapd[13427]: [ID 702911 auth.debug] _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sasldb
> saslauthd[12854]: [ID 308033 auth.debug] pam_acct_mgmt: error Permission denied
> saslauthd[12854]: [ID 308033 auth.debug] pam_acct_mgmt: error No account present for user
> saslauthd[12854]: [ID 226429 auth.debug] DEBUG: auth_pam: pam_acct_mgmt failed: Permission denied
> saslauthd[12854]: [ID 982738 auth.warning] AUTHFAIL: user=foo service=imap realm= [PAM acct error]
>
> We use a couple of in house PAM modules for authentication. On the
> same server that this cyrus installation is built, they work fine
> using a test application. We did a truss of saslauthd and noticed
> once it had completed the in house authentication it seemed to attempt
> authentication using the pam_unix.so.1. In fact we can authenticate
> using the user cyrus successfully, but other local users can not
> since they fail on the in house PAM module (not that we want the other
> local users to authenticate).
>
> The imapd.conf we are using contains
>
> admins: cyrus
> allowanonymouslogin: no
> sasl_passwd_check: saslauthd
  ^^^^^^^^^^^^^^^^^^

This is not a valid option. You probably want sasl_pwcheck_method, in which case having a Cyrus.conf file is redundant.

> allowplaintext: yes
>
> The Cyrus.conf for sasl2 contains
>
> pwcheck_method: saslauthd
>
> We are kind of lost on this end at the moment and any insight someone
> might provide would be greatly appreciated. Thanks for any help.

You probably need to specify a module for account management. Unless you are doing something exotic, just use permit. Here is my /etc/pam.d/imap:

#%PAM-1.0
auth       sufficient   /lib/security/pam_smb_auth.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    sufficient   /lib/security/pam_permit.so

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
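
Added example, not part of the original messages: the posted pam.conf has only auth entries for imap, the log shows saslauthd failing in pam_acct_mgmt, and pam.conf falls back to the reserved service name "other" for any module type a service does not define. This Python sketch resolves the effective stack per module type; the "other" entries in the sample and the placeholder module path are constructed assumptions.

```python
# Added example: resolve the effective PAM stack for a service from
# Solaris-style pam.conf text (service type control module [options]).
MODULE_TYPES = ("auth", "account", "session", "password")

def parse_pam_conf(text):
    """Return {(service, module_type): [(control, module, options), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue                          # malformed entry, skipped
        service, mtype, control, module = fields[:4]
        stacks.setdefault((service, mtype), []).append(
            (control, module, fields[4:]))
    return stacks

def effective_stack(stacks, service, mtype):
    """Entries that apply, and which service name supplied them."""
    for source in (service, "other"):         # explicit entries win
        entries = stacks.get((source, mtype))
        if entries:
            return source, entries
    return None, []

def audit(text, service):
    """Map each module type to (source service, entries) for `service`."""
    stacks = parse_pam_conf(text)
    return {t: effective_stack(stacks, service, t) for t in MODULE_TYPES}

# The two imap lines are from the message; the "other" lines are constructed.
SAMPLE = """\
imap   auth    sufficient /usr/lib/security/pam_method1.so.1
imap   auth    required   /usr/lib/security/pam_method2.so.1
other  auth    required   /usr/lib/security/pam_unix.so.1
other  account required   /usr/lib/security/pam_unix.so.1
"""
# Hypothetical explicit account entry; the module path is a placeholder.
FIXED = SAMPLE + "imap account sufficient /usr/lib/security/PLACEHOLDER_permit.so.1\n"

if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE), ("with imap account line", FIXED)):
        print(label)
        for mtype, (source, entries) in audit(conf, "imap").items():
            mods = ", ".join(m for _, m, _ in entries) or "(none)"
            print(f"  {mtype:8} from {source or '-':5}: {mods}")
```

Any module type reported as coming from "other" is one the service does not control itself, which is worth checking whenever a module appears in a trace that the service's own entries never name.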