This is more of a curiosity question than a problem, as I finally
figured out why authentication stopped working on my cyrus-imapd 2.5.12
server.
I use sasl in PAM mode: /usr/sbin/saslauthd -a pam
A recent Arch linux system upgrade broke authentication on my email
server. The only related change was cyrus_sasl was updated from 2.1.26
to 2.1.27. After eliminating virtually every other possibility I
finally tracked this down to the PAM configuration file for cyrus-imapd.
The previous file (perhaps incorrectly) was simply this:
auth sufficient pam_unix.so
auth required pam_deny.so
I changed this to
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_unix.so
which fixed the problem. I can understand the account entry being
necessary for sasl authentication, but what I can't understand is why it
was not necessary for 2.1.26, but subsequently necessary for 2.1.27 --
what changed that led to this?
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
