Hi All,
I have a working Cyrus Imap
2.1.11 implimentation using SASL 2.1.10, which auths vs. local accounts via PAM.
using the following configs, however due to RH's EOL in December we are being
forced to migrate to RHEL 3 in about a month. I have a test box running RHL 9
(similar to RHEL 3), however I cannot seem to get the auth working with current
stable Imap/Sasl.
Errors:
Nov 10 20:02:01 fac-imap-test su(pam_unix)[28930]:
session opened for user dchait by root(uid=0)
Nov 10 20:02:10 fac-imap-test imap(pam_unix)[28925]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=dchait Nov 10 20:02:13 fac-imap-test saslauthd[28925]: do_auth : auth failure: [user=dchait] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] Nov 10 20:02:13 fac-imap-test imapd[28975]: badlogin: localhost.localdomain[127.0.0.1] plaintext dchait SASL(-13): authentication failure: checkpass failed Nov 10 20:02:27 fac-imap-test su(pam_unix)[28930]: session closed for user dchait imapd.conf
configdirectory: /var/imap
partition-default: /mail admins: root cyrus allowanonymouslogin: no sasl_pwcheck_method: saslauthd sasl_mech_list: plain cyrus.conf
# standard standalone server
implementation
START {
# do not delete this entry! recover cmd="ctl_cyrusdb -r" # this is only necessary if using idled for
IMAP IDLE
# idled cmd="idled" } # UNIX sockets start with a slash and are put into
/var/imap/socket
SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=0 imaps cmd="imapd -s" listen="imaps" prefork=0 # pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=0 # at least one LMTP is required for
delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 # this is only necessary if using
notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1 } EVENTS {
# this is required checkpoint cmd="ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate
delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440 # this is only necessary if caching TLS
sessions
tlsprune cmd="tls_prune" period=1440 } /etc/rc
/usr/cyrus/bin/master
&
/usr/local/sbin/saslauthd -a pam & /usr/libexec/postfix/master & /etc/pam.d/imap
auth
required
pam_nologin.so
auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth |