Hi
My problem lies in that I cannot manage to authenticate to cyrus-imap via
pam.
My apolegies if some questions are offtoppic, pls redirect med to the right
list.
I've been hitting my head againt the keyboard now for the last week trying
to get cyrus use pam-ldap. I realy need help (anyone know a good shrink? ) I
am starting to belive that cyrus was made to make my life hell. Anyhow, I
hole that if some ppl read this mail and points out the most obvious
misstakes, I'll help me a lot.
Tank you for any input that solves the problem.
PS: The machine is a P733, running rh 6.2 kernel 2.4.3 v/reiser fs and
db3.2. installed with preifx=/usr.
Now. As much as answers, some good advice on where to look would bee good.
;)
I've got some ideas I need input on, so that I know where to start looking:
1. I have not installed pam-devel is this nessecery to get sasl->pam
working?(sasl from source)
2. I compiled cyrus with --with-auth=unix. I tried to user --with-auth-pam
but it didn't work althoug I've seen it mentioned on the list. Why? (imapd
didn't compile, it complaind about not fining authpam.o or something)
3. It seems that ldap does not get my userid when I try to athuenticate (se
log), could this be the problem, if so, where do I fix it?
4. Is it possible to have more arguments of some kind in the service.conf
file in lib/sasl? Richt now the file says
pwcheck_method:PAM. What more is needed?
5. Imtest segfaults. Is this the imapd server segfaulting?
My problem lies in that I cannot manage to authenticate to cyrus. I've tried
most things. Heres a transcript of to imtest sessions I've had:
[tarjei@mailserver log]$ imtest -m login -p imap localhost
C: C01 CAPABILITY
S: * OK mailserver Cyrus IMAP4 v2.0.12 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Segmentation fault
[I have no name!@mailserver log]$ imtest -m plain -p imap localhost
C: C01 CAPABILITY
S: * OK mailserver Cyrus IMAP4 v2.0.12 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
[I have no name!@mailserver log]$
<-- heres a snip from my ldap log -->
Apr 9 13:15:08 mailserver slapd[14213]: conn=1107 op=1 SEARCH RESULT
tag=101 err=0 text=
Apr 9 13:15:08 mailserver slapd[14210]: daemon: conn=1108 fd=34 connection
from IP=127.0.0.1:3291 (IP=0.0.0.0:389) accepted.
Apr 9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 BIND
dn="CN=MANAGER,O=NU,C=NO" method=128
Apr 9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 RESULT tag=97 err=0
text=
Apr 9 13:15:08 mailserver slapd[14616]: conn=1108 op=1 SRCH
base="o=nu,c=no" scope=2 filter="(&(objectClass=posixAccount)(uidNumber
=0))"
<<- It clearly shows that something goes to the server, but not the
username! (anyone know why? )
<<-- imapd.conf in /etc --_>>
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus tarjei
allowanonymouslogin: no
allowplaintext: yes
# To use the PAM for authentication (but not /etc/passwd or shadow), change
# the following line to specify "pam" instead of "sasldb".
sasl_pwcheck_method: pam
<-- cyrus.conf in /usr/lib/sasl: -->
pwcheck_method:PAM
Is it possible to have more arguments of some kind in the service.conf file
in lib/sasl?
Also here's what I compiled cyrus-imap with:
./configure \
--prefix=/usr \
--with-openssl=/usr/include/openssl \
--with-cyrus-prefix=/usr/cyrus \
--with-sasl \
--with-openssl=/usr/include/openssl \
--disable-krb4 \
--disable-gssapi \
--with-cyrus-user=cyrus \
--with-auth=unix \
--with-perl=/usr \
--with-cyrus-group=mail
and cyrus-sasl:
CC="gcc" \
./configure \
--prefix=/usr \
--enable-shared \
--enable-login \
--without-krb \
--without-gssapi \
--disable-anon \
--enable-static \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--with-pwcheck_method=PAM \
--with-pam=/lib/security \
--enable-plain \
