I am experiencing a Cyrus-SASL and PAM authentication issue here:
I have configured a Cyrus-IMAP Server to use saslauthd for authentication.
The system is a RHEL4 Update 3 64bit and runs the RPM package that comes with
Redhat. The Cyrus-SASL version is 2.1.19, Cyrus-IMAP version is 2.2.12-3.
Here
I am experiencing a Cyrus-SASL and PAM authentication issue here:
I have configured a Cyrus-IMAP Server to use saslauthd for authentication.
The system is a RHEL4 Update 3 64bit and runs the RPM package that comes with
Redhat. The Cyrus-SASL version is 2.1.19, Cyrus-IMAP version is 2.2.12-3
Sent: Wednesday, June 14, 2006 11:36 AM
To: Xue, Jack C
Cc: info-cyrus@lists.andrew.cmu.edu
Subject: Re: Cyrus saslauthd PAM authentication Issue
I am experiencing a Cyrus-SASL and PAM authentication issue here:
I have configured a Cyrus-IMAP Server to use saslauthd for
authentication
remember reading something earlier today about if you are
using PAM authentication with SASLAUTHD then you should disable KERBEROS/KRB4
on your Cyrus config. For some reason it takes over the authentication
process???
I have been searching for the documentation that I passed by,
with no luck
,
Emma
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken
Murchison
Sent: Monday, February 02, 2004 12:30 AM
To: Emma Grant
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication error...
Emma Grant wrote:
Hi All,
I am running Cyrus Imap 2.2.3
Murchison
Sent: Monday, February 02, 2004 12:30 AM
To: Emma Grant
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication error...
Emma Grant wrote:
Hi All,
I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my
database so I can use my mail server with virtual domains (maildir).
I
Sent: Monday, February 02, 2004 4:47 AM
To: Emma Grant
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication error...
Emma Grant wrote:
Thanks for your reply.
I ended up fixing the error by adding account required
/lib/security/pam_permit.so at the top of my pop file in pam.d/pop
I first
: Re: PAM Authentication error...
Emma Grant wrote:
Thanks for your reply.
I ended up fixing the error by adding account required
/lib/security/pam_permit.so at the top of my pop file in pam.d/pop
I first tried pam_warn.so, and that told me that my account had
expired,
and since the really
Subject: Re: SASL2+POSTFIX PAM authentication failure
: k1680792 wrote:
:
: Hi all,
: I am going to use SASL pam method to complete Postfix's authentication.
: I compiled Cyrus-sasl-2.1.10 with the following options.
: --disable-sample
: --disable-saslauthd
: --disable-cram
: --disable-digest
Hi all,
I want to know: Does Cyrus-SASL-2.1.10 support /usr/lib/sasl/*.conf with
the following method
pwcheck_method: pam
I don't want to use saslauthd . My another server with Cyrus-SASL-1.5.28
supports 'pwcheck_method:pam' well.
Thanks!
---
Kai
k1680792 wrote:
Hi all,
I want to know: Does Cyrus-SASL-2.1.10 support /usr/lib/sasl/*.conf with
the following method
pwcheck_method: pam
I don't want to use saslauthd . My another server with Cyrus-SASL-1.5.28
supports 'pwcheck_method:pam' well.
There are significant differences between SASL
No, unfortunately not any more..
You HAVE to use the saslauthd daemon.
This is to get around all the security problems with SASL 1.5.x using
pam.. With sasl 1.5.x AS you have to relax your security to get cyrus to
authenticate via pam (as pam is supposed to run as ROOT, especially to
access
Hi all,
I am going to use SASL pam method to complete Postfix's authentication.
I compiled Cyrus-sasl-2.1.10 with the following options.
--disable-sample
--disable-saslauthd
--disable-cram
--disable-digest
--disable-krb4
--disable-gssapi
--disable-anon
--enable-plain
--enable-login
k1680792 wrote:
Hi all,
I am going to use SASL pam method to complete Postfix's authentication.
I compiled Cyrus-sasl-2.1.10 with the following options.
--disable-sample
--disable-saslauthd
--disable-cram
--disable-digest
--disable-krb4
--disable-gssapi
--disable-anon
--enable-plain
Hi list,
sorry if this was dealt with earlier, didn't see it in the archives.
I just installed Cyrus 2.1.9 on a new box. However, when I wanted to
copy my old config (cyrus 2.0.16, running on another box), I ran into a
snag.
I was using
sasl_pwcheck_method: pam
but when I try to authorize
Stefan Suurmeijer wrote:
Hi list,
sorry if this was dealt with earlier, didn't see it in the archives.
I just installed Cyrus 2.1.9 on a new box. However, when I wanted to
copy my old config (cyrus 2.0.16, running on another box), I ran into a
snag.
I was using
On Tue, 8 Oct 2002, Robert Scussel wrote:
What version of sasl?
What do your conf files look like?
cyrus is 1.5.24.
My /etc/imapd.conf has:
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_passwd_check: pwcheck
# To use the PAM for
What version of sasl?
What do your conf files look like?
B
Roberto Jung Drebes wrote:
Hi there,
I am using cyrus imapd 2.0.16, and having no success authenticating users
at the shadow file.
I have pwcheck running as root, and
sasl_passwd_check: pwcheck
in /etc/imapd.conf, but when
On Wed, 2002-05-15 at 21:37, David Chait wrote:
May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait
service=imap realm= [PAM auth error]
This is what I received using the saslauthd -a pam option (pam didn't
work at all). Any ideas? I can't seem to find a reference for this
Greetings,
I am currently attempting to make Cyrus authenticate via a PAM library
(like our Courier-IMAP system did), but have yet been able to accomplish
this. The following is my imapd.conf file and cyrus.conf file. The MTA I am
using is Postfix, but that seems to be functional.
What version of Cyrus? Assuming that you are using v2.1.x, set
sasl_pwcheck_method: saslauthd
and start saslauthd with the '-a pam' option.
David Chait wrote:
Greetings,
I am currently attempting to make Cyrus authenticate via a PAM library
(like our Courier-IMAP system did),
Or, if you're in 2.0,
sasl_pwcheck_method: pam
should work fine.
Michael
--On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison [EMAIL PROTECTED]
wrote:
What version of Cyrus? Assuming that you are using v2.1.x, set
sasl_pwcheck_method: saslauthd
and start saslauthd with the '-a
: Michael Bacon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 6:08 PM
To: Ken Murchison; David Chait
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication
Or, if you're in 2.0,
sasl_pwcheck_method: pam
should work fine.
Michael
--On Wednesday, May 15, 2002 1:50 PM -0400 Ken Murchison
'
Cc: [EMAIL PROTECTED]
Subject: RE: PAM Authentication
May 15 20:41:43 bonmaildev saslauthd[19131]: AUTHFAIL: user=dchait
service=imap realm= [PAM auth error]
This is what I received using the saslauthd -a pam option (pam didn't
work at all). Any ideas? I can't seem to find a reference
On Sat, 5 Jan 2002, Amos Gouaux wrote:
km nroff -mdoc saslauthd.mdoc > saslauthd.8
km make install
And if you don't? Looks like cyrus-sasl from CVS runs this by
default in the 'install' target, and on a Solaris system without
mdoc macros it blows up. So this means, unless I'm mistaken,
Quoting Amos Gouaux [EMAIL PROTECTED]:
On Sat, 08 Dec 2001 10:43:17 -0500,
Ken Murchison [EMAIL PROTECTED] (km) writes:
km I think that this is because the preformatted saslauthd.8 in the
km distribution hasn't been updated from the saslauthd.mdoc source. If
you
km have the mdoc
On Sun, 6 Jan 2002 20:42:16 -0500,
Ken Murchison [EMAIL PROTECTED] (km) writes:
km Yeah. We're trying not to have generated files in CVS (just source files). So
km mdoc would be considered one of the tools that you need if you want to use
km the code from CVS.
Thanks to you and Rob for
On Sat, 08 Dec 2001 10:43:17 -0500,
Ken Murchison [EMAIL PROTECTED] (km) writes:
km I think that this is because the preformatted saslauthd.8 in the
km distribution hasn't been updated from the saslauthd.mdoc source. If you
km have the mdoc macros, just run:
km nroff -mdoc saslauthd.mdoc
On Sat, 08 Dec 2001 01:42:17 -0500,
Vincent Stoessel [EMAIL PROTECTED] (vs) writes:
vs It sounds like a very well designed change I will definitely be playing with this
vs one, I am tired of creating users on the system for mail accts.
This saslauthd also has much better logging than the old
SASL-1.5.27 to SASL-2.0.5-BETA and found it very
difficult to have my old LDAP-via-PAM authentication scheme survive this
transition.
As getpwent did not work either, I ended up in putting my small LDAP
userbase back up into the flat files and bring my services up working again
via saslauthd
page.
Yesterday I migrated from SASL-1.5.27 to SASL-2.0.5-BETA and found it very
difficult to have my old LDAP-via-PAM authentication scheme survive this
transition.
As getpwent did not work either, I ended up in putting my small LDAP
userbase back up into the flat files and bring my
On Sat, 8 Dec 2001, Ken Murchison wrote:
nroff -mdoc saslauthd.mdoc > saslauthd.8
make install
Sadly it looks like saslauthd.mdoc didn't make it into the release. I've
attached an updated version to this message.
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob
I decided to move from cyrus 2.0.16 to cyrus 2.1.0.
I compiled cyrus with the following command
./configure --with-cyrus-user=cyrus --with-cyrus-group=cyrus
--with-cyrus-prefix=/usr/local/cyrus --with-auth=unix
--with-openssl=/usr/include --with-sasl=/usr/local/lib
I compiled cyrus
On Fri, 7 Dec 2001, Robert Scussel wrote:
My imapd.conf file looks like so:
configdirectory: /var/spool/imapdb
partition-default: /var/spool/imap
sasl_pwcheck_method: PAM
reject8bit: no
SASLv2 no longer makes use of the many internal pwcheck methods that it
used
saslauthd links the pam libraries just like libsasl used to in SASLv1.
libsasl2 now connects to a unix domain socket, which saslauthd is
listening to, presents the username and password, and saslauthd consults
pam, and replies either yes or no. This is similar to how pwcheck works.
To start
How then does pam interface with the new saslauthd?
Rob Siemborski wrote:
On Fri, 7 Dec 2001, Robert Scussel wrote:
My imapd.conf file looks like so:
configdirectory: /var/spool/imapdb
partition-default: /var/spool/imap
sasl_pwcheck_method: PAM
reject8bit: no
Rob Siemborski wrote:
saslauthd links the pam libraries just like libsasl used to in SASLv1.
libsasl2 now connects to a unix domain socket, which saslauthd is
listening to, presents the username and password, and saslauthd consults
pam, and replies either yes or now. This is similar to
Hi,
I've successfully installed and set up Cyrus to authenticate from PAM by
1. changing group of imapd to shadow
2. changing group for /etc/shadow to shadow (it's root by default) and chmod
g+r
Whenever I change a password for a user (with passwd) The /etc/shadow loses
the group and g+r
On Wednesday 19 September 2001 06:26, Oyku Gencay wrote:
Hi,
I've successfully installed and set up Cyrus to authenticate from PAM
by 1. changing group of imapd to shadow
2. changing group for /etc/shadow to shadow (it's root by default)
and chmod g+r
Whenever I change a password for a
:
sasl_pwcheck_method: PAM
Part of that assumption is that PAM authentication will automatically try to
authenticate with the libraries listed in /etc/pam.conf under login or other?
This is not working though :(
Are my assumptions correct?
Thanks in advance,
--Buddy
Okay, either I'm losing it, or there is a bug here somewhere :(
I removed the ports I had installed, for FreeBSD, and built fresh from
source, using the following configure settings:
=[ sasl ]
#!/bin/tcsh
setenv CFLAGS -I/usr/local/include/db3
#setenv CPPFLAGS
Date: Mon, 7 May 2001 13:37:42 -0300 (ADT)
From: Marc G. Fournier [EMAIL PROTECTED]
[...]
If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
then try and re-connect with pine, I get the following error:
May 7 13:21:00 new-relay imapd[66067]: badlogin:
On Mon, 7 May 2001, Lawrence Greenfield wrote:
Date: Mon, 7 May 2001 13:37:42 -0300 (ADT)
From: Marc G. Fournier [EMAIL PROTECTED]
[...]
If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
then try and re-connect with pine, I get the following error:
May
On Mon, 7 May 2001 [EMAIL PROTECTED] wrote:
Larry Greenfield writes:
However, since there's no secret for the user marc in /etc/sasldb,
Pine can't use CRAM-MD5.
This is a generic problem with c-client. If the server advertizes
CRAM-MD5, the client will try only CRAM-MD5, and will not
On Mon, 7 May 2001 13:37:42 -0300 (ADT)
Marc G. Fournier [EMAIL PROTECTED] said:
marc.fournier If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
marc.fournier then try and re-connect with pine, I get the following error:
marc.fournier May 7 13:21:00 new-relay
On Tue, 8 May 2001, Hajimu UMEMOTO wrote:
On Mon, 7 May 2001 13:37:42 -0300 (ADT)
Marc G. Fournier [EMAIL PROTECTED] said:
marc.fournier If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
marc.fournier then try and re-connect with pine, I get the following error:
On Mon, 7 May 2001 16:33:46 -0300 (ADT)
The Hermit Hacker [EMAIL PROTECTED] said:
scrappy On Tue, 8 May 2001, Hajimu UMEMOTO wrote:
On Mon, 7 May 2001 13:37:42 -0300 (ADT)
Marc G. Fournier [EMAIL PROTECTED] said:
marc.fournier If I do an 'saslpasswd -d marc' to remove myself from the
On Tue, 8 May 2001, Hajimu UMEMOTO wrote:
On Mon, 7 May 2001 16:33:46 -0300 (ADT)
The Hermit Hacker [EMAIL PROTECTED] said:
scrappy On Tue, 8 May 2001, Hajimu UMEMOTO wrote:
On Mon, 7 May 2001 13:37:42 -0300 (ADT)
Marc G. Fournier [EMAIL PROTECTED] said:
marc.fournier If I do an
Okay, I'm at a loss here, and hope someone has an idea of what I'm missing
...
I installed cyrus-imapd and cyrus-sasl from ports under FreeBSD, that all
appears to work great as long as I don't try and set sasl_pwcheck_method
to PAM ... as soon as I set that, it fails.
I'm trying to use the