I finally got cyrus2-imapd to authenticate an account, but I had to use "sasldb" instead of "PAM" for "sasl_pwcheck_method" in /etc/imapd.conf.
It appears that until PAM-0.74 is available in "unstable", cyrus2-imapd won't be able to authenticate using it. I thought about filing a "new upstream version" bug against libpam0g, but I know there has been some discussion about how to handle new versions of PAM in Debian. I just can't seem to find the correct mailing list archive or web page that describes this. It would be nice to be able to have Cyrus do a two-level check, first on real accounts via PAM, then on virtual accounts via SASL, then return an unknown user error, but I don't know enough about PAM, SASL or Cyrus to create a patch (yet). I tried copying the included /etc/pam.d/cyrus to /etc/pam.d/pop and to /etc/pam.d/imap to get Cyrus to authenticate against PAM. This didn't work. That file looked like this: ------- /etc/pam.d/cyrus # PAM configuration file for Cyrus # # If you want to use Cyrus in a setup where users don't have # accounts on the local machine, you'll need to make sure # you use something like pam_permit for account checking. # # Also, take a look into libpam-ldap, libpam-mysql/libpam-pgsql # and libpam-pwdfile. They're likely to be helpful aid for creating # a closed-box email system. # auth required pam_unix.so nullok account required pam_unix.so ------- End of /etc/pam.d/cyrus I also tried using the /etc/pam.d/pop and /etc/pam.d/imap (the files are identical; see below) that came with the 2.0.16 RPMs on <http://rmrpms.tripod.com/cyrus-imapd/> without any luck (since pam_stack.so is a part of PAM-0.74). ------- /etc/pam.d/[pop|imap] #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth ------- End of /etc/pam.d/[pop|imap] I finally did the following to create an /etc/sasldb file: $ ssh [EMAIL PROTECTED] # saslpasswd ddkilzer Password: Again (for verification): # exit This was done long after running "cyradm" to create a mailbox for ddkilzer ("cm user.ddkilzer"). After creating the sasldb (and changing /etc/imapd.conf and restarting cyrmaster), logging into the POP server through telnet worked great, and I could connect to the imapd using mutt. I know this isn't the ideal setup, but it's what I'll use for now. Hope this still helps! Dave
