Re: PAM Authentication error...
Emma Grant wrote: Hmmm... That would make sense for system users with email accounts, but this is a virtual setup using maildir, they don't have a mail box, but rather a directory. All my information is stored in a database; the default homedir, the maildir, email/username and password...etc Then you aren't using Cyrus correctly. You determine the location os the mail partitions, and that's it. Cyrus determines the name and location of the user's mailboxes. Cyrus is not UW IMAP. The virtual setup is working because I am able to send to the users...and they get a a directory with mail in it automatically. The problem is that I am unable to *retrieve* the mail using pop3. Thanks, Emma -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison Sent: Monday, February 02, 2004 4:47 AM To: Emma Grant Cc: [EMAIL PROTECTED] Subject: Re: PAM Authentication error... Emma Grant wrote: Thanks for your reply. I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop I first tried pam_warn.so, and that told me that my account had expired, and since the really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors. But now I am getting the error: -ERR [SYS/PERM] Unable to locate maildrop any ideas? The system can find the INBOX for the user that is logging in. You need to create a mailbox named user. for each user that will be accessing mail via IMAP or POP. Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors? No. Thanks, Emma -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison Sent: Monday, February 02, 2004 12:30 AM To: Emma Grant Cc: [EMAIL PROTECTED] Subject: Re: PAM Authentication error... Emma Grant wrote: Hi All, I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir). I believe that I have configured everything correctly except I am getting the error below when I check pop3 email: do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error] pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: PAM Authentication error...
Hmmm... That would make sense for system users with email accounts, but this is a virtual setup using maildir, they don't have a mail box, but rather a directory. All my information is stored in a database; the default homedir, the maildir, email/username and password...etc The virtual setup is working because I am able to send to the users...and they get a a directory with mail in it automatically. The problem is that I am unable to *retrieve* the mail using pop3. Thanks, Emma -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison Sent: Monday, February 02, 2004 4:47 AM To: Emma Grant Cc: [EMAIL PROTECTED] Subject: Re: PAM Authentication error... Emma Grant wrote: > Thanks for your reply. > > I ended up fixing the error by adding "account required > /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop > > I first tried pam_warn.so, and that told me that my account had expired, > and since the really is no system account - email is virtual - I figured > that is why it was giving the error. After adding pam_permit I have had > no more auth errors. > > But now I am getting the error: > > -ERR [SYS/PERM] Unable to locate maildrop > > any ideas? The system can find the INBOX for the user that is logging in. You need to create a mailbox named user. for each user that will be accessing mail via IMAP or POP. > > Testsaslauthd? Where would I find this on RH ES? Do I still need it now > I am not getting auth errors? No. > > Thanks, > Emma > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken > Murchison > Sent: Monday, February 02, 2004 12:30 AM > To: Emma Grant > Cc: [EMAIL PROTECTED] > Subject: Re: PAM Authentication error... > > Emma Grant wrote: > > >>Hi All, >> >> >> >>I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my >>database so I can use my mail server with virtual domains (maildir). >> >> >> >>I believe that I have configured everything correctly except I am >>getting the error below when I check pop3 email: >> >> >> >>do_auth : auth failure: [EMAIL PROTECTED] [service=pop] >>[realm=] [mech=pam] [reason=PAM auth error] >> >>pop3[28753]: badlogin: my.ipaddress.location.etc plaintext >>[EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed > > > Compile the testsaslauthd program in the SASL distro, and make sure that > > you can authenticate before moving on to Cyrus. > -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAM Authentication error...
Emma Grant wrote: Thanks for your reply. I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop I first tried pam_warn.so, and that told me that my account had expired, and since the really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors. But now I am getting the error: -ERR [SYS/PERM] Unable to locate maildrop any ideas? The system can find the INBOX for the user that is logging in. You need to create a mailbox named user. for each user that will be accessing mail via IMAP or POP. Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors? No. Thanks, Emma -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison Sent: Monday, February 02, 2004 12:30 AM To: Emma Grant Cc: [EMAIL PROTECTED] Subject: Re: PAM Authentication error... Emma Grant wrote: Hi All, I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir). I believe that I have configured everything correctly except I am getting the error below when I check pop3 email: do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error] pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: PAM Authentication error...
Thanks for your reply. I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop I first tried pam_warn.so, and that told me that my account had expired, and since the really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors. But now I am getting the error: -ERR [SYS/PERM] Unable to locate maildrop any ideas? Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors? Thanks, Emma -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison Sent: Monday, February 02, 2004 12:30 AM To: Emma Grant Cc: [EMAIL PROTECTED] Subject: Re: PAM Authentication error... Emma Grant wrote: > Hi All, > > > > I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my > database so I can use my mail server with virtual domains (maildir). > > > > I believe that I have configured everything correctly except I am > getting the error below when I check pop3 email: > > > > do_auth : auth failure: [EMAIL PROTECTED] [service=pop] > [realm=] [mech=pam] [reason=PAM auth error] > > pop3[28753]: badlogin: my.ipaddress.location.etc plaintext > [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAM Authentication error...
Emma Grant wrote: Hi All, I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir). I believe that I have configured everything correctly except I am getting the error below when I check pop3 email: do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error] pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAm authentication method no longer supported?
Stefan Suurmeijer wrote: > > Hi list, > > sorry if this was dealt with earlier, didn't see it in the archives. > > I just installed Cyrus 2.1.9 on a new box. However, when I wanted to > copy my old config (cyrus 2.0.16, running on another box), I ran into a > snag. > > I was using > > sasl_pwcheck_method: pam > > but when I try to authorize now, I get authentication errors > (imapd[3070]: unknown password verifier). When I checked the imapd.conf > manpages, I saw that the PAM method was no longer listed under the > supported mechanisms. I was able to get it working with the sasldb2, but > I'd like to keep working with PAM, as it's nicely flexible. Was support > for the PAM method removed (something to do with the new sasl version > perhaps)? If so, is there another way to get PAM working again? Check the fourth bullet on doc/upgrading.html in the SASL distro. sasl_pwcheck_method: saslauthd And run: saslauthd -a pam -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: PAM Authentication
On Wed, 2002-05-15 at 21:37, David Chait wrote: > May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait > service=imap realm= [PAM auth error] > > This is what I received using the saslauthd -a pam option (pam didn't > work at all). Any ideas? I can't seem to find a reference for this error > anywhere. Run 'ldd' on the saslauthd and imapd binaries to see if they're linked to libpam.so; if not, you don't have them built with PAM support. Wil -- W. Reilly Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * Linux and Network Consulting * irc.linux.com #orlug,#lnxs "The only way for a reporter to look at a politician is down." -- H.L. Mencken signature.asc Description: This is a digitally signed message part
RE: PAM Authentication
what's your /etc/imapd.conf set to for sasl_pwcheck_method?
what's your /etc/pam.d/imap set to?
we need to know those to help trouble shoot... but...
if in /etc/imapd.conf reads...
...
sasl_pwcheck_method: saslauthd
and your /etc/pam.d/imap is:
# begin
authrequired /lib/security/pam_stack.so service=system-auth
account required /lib/secruity/pam_stack.so service=system-auth
# end
then you can try this:
1) make dchait a valid user on your system via useradd and give
that user a password.
2) make sure saslauthd is running...
3) run:
[root] # imtest -m login -a dchait -u dchait -r
and that will test the shadow password checking...
4) run:
[root] # saslpasswd2 -c dchait
Password:
Again (for verification):
[root] # imtest -a dchait -u dchait -r
and you should be able to authenticate in both circumstances.
if you read the docs, the '-m login' bypasses the auth mechanism
and goes straight for the shadow passes (AFAICS)
Jeff
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Chait
> Sent: Wednesday, May 15, 2002 9:37 PM
> To: 'Michael Bacon'; 'Ken Murchison'
> Cc: [EMAIL PROTECTED]
> Subject: RE: PAM Authentication
>
>
> May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait
> service=imap realm= [PAM auth error]
>
> This is what I received using the saslauthd -a pam option (pam didn't
> work at all). Any ideas? I can't seem to find a reference for this error
> anywhere.
>
> -Original Message-
> From: Michael Bacon [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 15, 2002 6:08 PM
> To: Ken Murchison; David Chait
> Cc: [EMAIL PROTECTED]
> Subject: Re: PAM Authentication
>
> Or, if you're in 2.0,
>
> sasl_pwcheck_method: pam
>
> should work fine.
>
> Michael
>
> --On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison
> <[EMAIL PROTECTED]>
> wrote:
>
> > What version of Cyrus? Assuming that you are using v2.1.x, set
> >
> > sasl_pwcheck_method: saslauthd
> >
> > and start saslauthd with the '-a pam' option.
> >
> >
> >
> > David Chait wrote:
> >>
> >> Greetings,
> >> I am currently attempting to make Cyrus authenticate via a
> PAM
> >> library (like our Courier-IMAP system did), but have yet been
> >> able to accomplish this. The following is my imapd.conf file and
> >> cyrus.conf file. The MTA I am using is Postfix, but that seems to be
> >> functional.
> >>
> >> Cheers,
> >> David
> >>
> >> Imapd
> >>
> >> configdirectory: /var/imap
> >> partition-default: /home/mail
> >> admins: root cyrus
> >> # srvtab: /var/imap/srvtab
> >> allowanonymouslogin: no
> >> sasl_pwcheck_method: pwcheck
> >>
> >> Cyrus
> >>
> >> # standard standalone server implementation
> >>
> >> START {
> >> # do not delete this entry!
> >> recover cmd="ctl_cyrusdb -r"
> >>
> >> # this is only necessary if using idled for IMAP IDLE
> >> # idledcmd="idled"
> >> }
> >>
> >> # UNIX sockets start with a slash and are put into /var/imap/socket
> >> SERVICES {
> >> # add or remove based on preferences
> >> imap cmd="imapd" listen="imap" prefork=0
> >> imaps cmd="imapd -s" listen="imaps" prefork=0
> >> # pop3 cmd="pop3d" listen="pop3" prefork=0
> >> # pop3scmd="pop3d -s" listen="pop3s" prefork=0
> >> sieve cmd="timsieved" listen="sieve" prefork=0
> >>
> >> # at least one LMTP is required for delivery
> >> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> >> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> >>
> >> # this is only necessary if using notifications
> >> # notify cmd="notifyd" listen="/var/imap/socket/notify"
> >> # proto="udp"
> >> prefork=1
> >> }
> >>
> >> EVENTS {
> >> # this is required
> >> checkpointcmd="ctl_cyrusdb -c" period=30
> >>
> >> # this is only necessary if using duplicate delivery suppression
> >> delprune cmd="ctl_deliver -E 3" period=1440
> >>
> >> # this is only necessary if caching TLS sessions
> >> tlsprune cmd="tls_prune" period=1440
> >> }
> >
> > --
> > Kenneth Murchison Oceana Matrix Ltd.
> > Software Engineer 21 Princeton Place
> > 716-662-8973 x26 Orchard Park, NY 14127
> > --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
> >
> >
>
>
>
>
RE: PAM Authentication
May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait
service=imap realm= [PAM auth error]
This is what I received using the saslauthd -a pam option (pam didn't
work at all). Any ideas? I can't seem to find a reference for this error
anywhere.
-Original Message-
From: Michael Bacon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 6:08 PM
To: Ken Murchison; David Chait
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication
Or, if you're in 2.0,
sasl_pwcheck_method: pam
should work fine.
Michael
--On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison
<[EMAIL PROTECTED]>
wrote:
> What version of Cyrus? Assuming that you are using v2.1.x, set
>
> sasl_pwcheck_method: saslauthd
>
> and start saslauthd with the '-a pam' option.
>
>
>
> David Chait wrote:
>>
>> Greetings,
>> I am currently attempting to make Cyrus authenticate via a
PAM
>> library (like our Courier-IMAP system did), but have yet been
>> able to accomplish this. The following is my imapd.conf file and
>> cyrus.conf file. The MTA I am using is Postfix, but that seems to be
>> functional.
>>
>> Cheers,
>> David
>>
>> Imapd
>>
>> configdirectory: /var/imap
>> partition-default: /home/mail
>> admins: root cyrus
>> # srvtab: /var/imap/srvtab
>> allowanonymouslogin: no
>> sasl_pwcheck_method: pwcheck
>>
>> Cyrus
>>
>> # standard standalone server implementation
>>
>> START {
>> # do not delete this entry!
>> recover cmd="ctl_cyrusdb -r"
>>
>> # this is only necessary if using idled for IMAP IDLE
>> # idledcmd="idled"
>> }
>>
>> # UNIX sockets start with a slash and are put into /var/imap/socket
>> SERVICES {
>> # add or remove based on preferences
>> imap cmd="imapd" listen="imap" prefork=0
>> imaps cmd="imapd -s" listen="imaps" prefork=0
>> # pop3 cmd="pop3d" listen="pop3" prefork=0
>> # pop3scmd="pop3d -s" listen="pop3s" prefork=0
>> sieve cmd="timsieved" listen="sieve" prefork=0
>>
>> # at least one LMTP is required for delivery
>> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>>
>> # this is only necessary if using notifications
>> # notify cmd="notifyd" listen="/var/imap/socket/notify"
>> # proto="udp"
>> prefork=1
>> }
>>
>> EVENTS {
>> # this is required
>> checkpointcmd="ctl_cyrusdb -c" period=30
>>
>> # this is only necessary if using duplicate delivery suppression
>> delprune cmd="ctl_deliver -E 3" period=1440
>>
>> # this is only necessary if caching TLS sessions
>> tlsprune cmd="tls_prune" period=1440
>> }
>
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26 Orchard Park, NY 14127
> --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
>
>
Re: PAM Authentication
Or, if you're in 2.0,
sasl_pwcheck_method: pam
should work fine.
Michael
--On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison <[EMAIL PROTECTED]>
wrote:
> What version of Cyrus? Assuming that you are using v2.1.x, set
>
> sasl_pwcheck_method: saslauthd
>
> and start saslauthd with the '-a pam' option.
>
>
>
> David Chait wrote:
>>
>> Greetings,
>> I am currently attempting to make Cyrus authenticate via a PAM
>> library (like our Courier-IMAP system did), but have yet been
>> able to accomplish this. The following is my imapd.conf file and
>> cyrus.conf file. The MTA I am using is Postfix, but that seems to be
>> functional.
>>
>> Cheers,
>> David
>>
>> Imapd
>>
>> configdirectory: /var/imap
>> partition-default: /home/mail
>> admins: root cyrus
>> # srvtab: /var/imap/srvtab
>> allowanonymouslogin: no
>> sasl_pwcheck_method: pwcheck
>>
>> Cyrus
>>
>> # standard standalone server implementation
>>
>> START {
>> # do not delete this entry!
>> recover cmd="ctl_cyrusdb -r"
>>
>> # this is only necessary if using idled for IMAP IDLE
>> # idledcmd="idled"
>> }
>>
>> # UNIX sockets start with a slash and are put into /var/imap/socket
>> SERVICES {
>> # add or remove based on preferences
>> imap cmd="imapd" listen="imap" prefork=0
>> imaps cmd="imapd -s" listen="imaps" prefork=0
>> # pop3 cmd="pop3d" listen="pop3" prefork=0
>> # pop3scmd="pop3d -s" listen="pop3s" prefork=0
>> sieve cmd="timsieved" listen="sieve" prefork=0
>>
>> # at least one LMTP is required for delivery
>> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>>
>> # this is only necessary if using notifications
>> # notify cmd="notifyd" listen="/var/imap/socket/notify"
>> # proto="udp"
>> prefork=1
>> }
>>
>> EVENTS {
>> # this is required
>> checkpointcmd="ctl_cyrusdb -c" period=30
>>
>> # this is only necessary if using duplicate delivery suppression
>> delprune cmd="ctl_deliver -E 3" period=1440
>>
>> # this is only necessary if caching TLS sessions
>> tlsprune cmd="tls_prune" period=1440
>> }
>
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26 Orchard Park, NY 14127
> --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
>
>
Re: PAM Authentication
What version of Cyrus? Assuming that you are using v2.1.x, set
sasl_pwcheck_method: saslauthd
and start saslauthd with the '-a pam' option.
David Chait wrote:
>
> Greetings,
> I am currently attempting to make Cyrus authenticate via a PAM library
> (like our Courier-IMAP system did), but have yet been able to accomplish
> this. The following is my imapd.conf file and cyrus.conf file. The MTA I am
> using is Postfix, but that seems to be functional.
>
> Cheers,
> David
>
> Imapd
>
> configdirectory: /var/imap
> partition-default: /home/mail
> admins: root cyrus
> #srvtab: /var/imap/srvtab
> allowanonymouslogin: no
> sasl_pwcheck_method: pwcheck
>
> Cyrus
>
> # standard standalone server implementation
>
> START {
> # do not delete this entry!
> recover cmd="ctl_cyrusdb -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> imaps cmd="imapd -s" listen="imaps" prefork=0
> # pop3 cmd="pop3d" listen="pop3" prefork=0
> # pop3scmd="pop3d -s" listen="pop3s" prefork=0
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> # at least one LMTP is required for delivery
> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>
> # this is only necessary if using notifications
> # notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp"
> prefork=1
> }
>
> EVENTS {
> # this is required
> checkpointcmd="ctl_cyrusdb -c" period=30
>
> # this is only necessary if using duplicate delivery suppression
> delprune cmd="ctl_deliver -E 3" period=1440
>
> # this is only necessary if caching TLS sessions
> tlsprune cmd="tls_prune" period=1440
> }
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAM authentication does not work with latest .tar.gz files ...
On Tue, 8 May 2001, Hajimu UMEMOTO wrote: > > On Mon, 7 May 2001 16:33:46 -0300 (ADT) > > The Hermit Hacker <[EMAIL PROTECTED]> said: > > scrappy> On Tue, 8 May 2001, Hajimu UMEMOTO wrote: > > > > On Mon, 7 May 2001 13:37:42 -0300 (ADT) > > > "Marc G. Fournier" <[EMAIL PROTECTED]> said: > > > > marc.fournier> If I do an 'saslpasswd -d marc' to remove myself from the sasldb >file, > > marc.fournier> then try and re-connect with pine, I get the following error: > > > > marc.fournier> May 7 13:21:00 new-relay imapd[66067]: badlogin: >atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in >database] > > > > I believe CRAM-MD5 authentication requires sasldb. You need to > > change pine setting to use plain password. > > scrappy> Any idea how? > > Though I have no experience with pine, doesn't pine have the > configuration for the authentication method? LOGIN should work. you are correct ... they have a 'disable method' feature, which will do it ... thanks ...
Re: PAM authentication does not work with latest .tar.gz files ...
> On Mon, 7 May 2001 16:33:46 -0300 (ADT)
> The Hermit Hacker <[EMAIL PROTECTED]> said:
scrappy> On Tue, 8 May 2001, Hajimu UMEMOTO wrote:
> > On Mon, 7 May 2001 13:37:42 -0300 (ADT)
> > "Marc G. Fournier" <[EMAIL PROTECTED]> said:
>
> marc.fournier> If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
> marc.fournier> then try and re-connect with pine, I get the following error:
>
> marc.fournier> May 7 13:21:00 new-relay imapd[66067]: badlogin:
>atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in
>database]
>
> I believe CRAM-MD5 authentication requires sasldb. You need to
> change pine setting to use plain password.
scrappy> Any idea how?
Though I have no experience with pine, doesn't pine have the
configuration for the authentication method? LOGIN should work.
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Re: PAM authentication does not work with latest .tar.gz files ...
On Tue, 8 May 2001, Hajimu UMEMOTO wrote: > > On Mon, 7 May 2001 13:37:42 -0300 (ADT) > > "Marc G. Fournier" <[EMAIL PROTECTED]> said: > > marc.fournier> If I do an 'saslpasswd -d marc' to remove myself from the sasldb file, > marc.fournier> then try and re-connect with pine, I get the following error: > > marc.fournier> May 7 13:21:00 new-relay imapd[66067]: badlogin: >atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in >database] > > I believe CRAM-MD5 authentication requires sasldb. You need to > change pine setting to use plain password. Any idea how?
Re: PAM authentication does not work with latest .tar.gz files ...
The Hermit Hacker writes: > >I thought the 'sasl_auto_transition' was *supposed* to do that, but have >never succeeded in getting that to work ... Yes, this works for me, as long as the client is able to do both kinds of authentication. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking-
Re: PAM authentication does not work with latest .tar.gz files ...
> On Mon, 7 May 2001 13:37:42 -0300 (ADT)
> "Marc G. Fournier" <[EMAIL PROTECTED]> said:
marc.fournier> If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
marc.fournier> then try and re-connect with pine, I get the following error:
marc.fournier> May 7 13:21:00 new-relay imapd[66067]: badlogin:
atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in
database]
I believe CRAM-MD5 authentication requires sasldb. You need to
change pine setting to use plain password.
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Re: PAM authentication does not work with latest .tar.gz files ...
On Mon, 7 May 2001 [EMAIL PROTECTED] wrote: > Larry Greenfield writes: > > > >However, since there's no secret for the user "marc" in /etc/sasldb, > >Pine can't use CRAM-MD5. > > This is a generic problem with c-client. If the server advertizes > CRAM-MD5, the client will try only CRAM-MD5, and will not fall back > to less secure authentication methods. The author states that this > is correct behavior. My experience with 'the author' is that anything he does is right, everyone else is wrong :( That's why I use Cyrus IMAPd vs UofW ... but, pine is, so far as I've experienced, one of the better command line readers, and c-client is used in a fair number of other mailers :(
Re: PAM authentication does not work with latest .tar.gz files ...
On Mon, 7 May 2001, Lawrence Greenfield wrote: >Date: Mon, 7 May 2001 13:37:42 -0300 (ADT) >From: "Marc G. Fournier" <[EMAIL PROTECTED]> > > [...] >If I do an 'saslpasswd -d marc' to remove myself from the sasldb file, >then try and re-connect with pine, I get the following error: > >May 7 13:21:00 new-relay imapd[66067]: badlogin: >atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in >database] > > Cyrus is advertising CRAM-MD5, which always uses /etc/sasldb, because > the file exists. > > However, since there's no secret for the user "marc" in /etc/sasldb, > Pine can't use CRAM-MD5. > > Either remove the CRAM-MD5 plugin, remove /etc/sasldb, or configure > Pine to not use CRAM-MD5. Woo hoo ... got one of the other guys to try it using kmail, and it appears to go to PAM (auth still fails, but at least now I know its going there) ... Has anyone here had any experience with pam_smb for authenticating? I'm using the same pam_smb module that I tested with ftpd, and it authenticated, but with POP3, I'm getting the error below: May 7 15:44:57 new-relay pop3d[66043]: pamsmbd : msg_snd problem May 7 15:45:05 new-relay pop3d[66046]: pamsmbd : msg_snd problem Its soo close, I can taste it :(
Re: PAM authentication does not work with latest .tar.gz files ...
On Mon, 7 May 2001, Lawrence Greenfield wrote: >Date: Mon, 7 May 2001 13:37:42 -0300 (ADT) >From: "Marc G. Fournier" <[EMAIL PROTECTED]> > > [...] >If I do an 'saslpasswd -d marc' to remove myself from the sasldb file, >then try and re-connect with pine, I get the following error: > >May 7 13:21:00 new-relay imapd[66067]: badlogin: >atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in >database] > > Cyrus is advertising CRAM-MD5, which always uses /etc/sasldb, because > the file exists. > > However, since there's no secret for the user "marc" in /etc/sasldb, > Pine can't use CRAM-MD5. > > Either remove the CRAM-MD5 plugin, remove /etc/sasldb, or configure > Pine to not use CRAM-MD5. Okay, is there any way of setting it up so that, if someone logs in, they issue their passwd, the system checks: /etc/sasldb - that fails, check through PAM - that succeeds, add/update entry to sasldb so that their first login might be insecure, but subsequent ones will use a more secure encryption? I thought the 'sasl_auto_transition' was *supposed* to do that, but have never succeeded in getting that to work ... Thanks ...
Re: PAM authentication does not work with latest .tar.gz files ...
Larry Greenfield writes: > >However, since there's no secret for the user "marc" in /etc/sasldb, >Pine can't use CRAM-MD5. This is a generic problem with c-client. If the server advertizes CRAM-MD5, the client will try only CRAM-MD5, and will not fall back to less secure authentication methods. The author states that this is correct behavior. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking-
Re: PAM authentication does not work with latest .tar.gz files ...
Date: Mon, 7 May 2001 13:37:42 -0300 (ADT) From: "Marc G. Fournier" <[EMAIL PROTECTED]> [...] If I do an 'saslpasswd -d marc' to remove myself from the sasldb file, then try and re-connect with pine, I get the following error: May 7 13:21:00 new-relay imapd[66067]: badlogin: atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in database] Cyrus is advertising CRAM-MD5, which always uses /etc/sasldb, because the file exists. However, since there's no secret for the user "marc" in /etc/sasldb, Pine can't use CRAM-MD5. Either remove the CRAM-MD5 plugin, remove /etc/sasldb, or configure Pine to not use CRAM-MD5. Larry
