PAM Auth with SASL 2.1.15

Mon, 10 Nov 2003 21:21:10 -0800

Hi All,
    I have a working Cyrus Imap 2.1.11 implimentation using SASL 2.1.10, which auths vs. local accounts via PAM. using the following configs, however due to RH's EOL in December we are being forced to migrate to RHEL 3 in about a month. I have a test box running RHL 9 (similar to RHEL 3), however I cannot seem to get the auth working with current stable Imap/Sasl.
 
Errors:
 
Nov 10 20:02:01 fac-imap-test su(pam_unix)[28930]: session opened for user dchait by root(uid=0)
Nov 10 20:02:10 fac-imap-test imap(pam_unix)[28925]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=dchait
Nov 10 20:02:13 fac-imap-test saslauthd[28925]: do_auth         : auth failure: [user=dchait] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Nov 10 20:02:13 fac-imap-test imapd[28975]: badlogin: localhost.localdomain[127.0.0.1] plaintext dchait SASL(-13): authentication failure: checkpass failed
Nov 10 20:02:27 fac-imap-test su(pam_unix)[28930]: session closed for user dchait
 
 
imapd.conf
 
configdirectory: /var/imap
partition-default: /mail
admins: root cyrus
allowanonymouslogin: no
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain
 
cyrus.conf
 
# standard standalone server implementation
 
START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"
 
  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"
}
 
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
#  pop3         cmd="pop3d" listen="pop3" prefork=0
#  pop3s                cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0
 
  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
 
  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}
 
EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30
 
  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" period=1440
 
  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" period=1440
}
 
/etc/rc
 
/usr/cyrus/bin/master &
/usr/local/sbin/saslauthd -a pam &
/usr/libexec/postfix/master &
 
/etc/pam.d/imap
 
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
 
 

Reply via email to