Did you set up a pam configuration file for imap? It goes under
dir /etc/pam.d on RedHat systems.

You have indicated you want to use pam & ldap combination but
your compilation option "--with-auth=unix" MAY (I am not quite
sure) use unix's native "/etc/passwd" and "/etc/group" files
for authentication. I am not sure if that is what you want!
__
Seva

Tarjei Huse wrote:
> 
> Hi
> 
> My problem lies in that I cannot manage to authenticate to cyrus-imap via
> pam.
> 
> My apologies if some questions are off-topic, pls redirect me to the right
> list.
> 
> I've been hitting my head against the keyboard now for the last week trying
> to get cyrus to use pam-ldap. I really need help (anyone know a good shrink?) I
> am starting to believe that cyrus was made to make my life hell. Anyhow, I
> hope that if some ppl read this mail and point out the most obvious
> mistakes, it'll help me a lot.
> 
> Thank you for any input that solves the problem.
> 
> PS: The machine is a P733, running rh 6.2 kernel 2.4.3 v/reiser fs and
> db3.2. installed with prefix=/usr.
> 
> Now. As much as answers, some good advice on where to look would be good.
> ;)
> 
> I've got some ideas I need input on, so that I know where to start looking:
> 1. I have not installed pam-devel, is this necessary to get sasl->pam
> working? (sasl from source)
> 2. I compiled cyrus with --with-auth=unix. I tried to use --with-auth-pam
> but it didn't work although I've seen it mentioned on the list. Why? (imapd
> didn't compile, it complained about not finding authpam.o or something)
> 3. It seems that ldap does not get my userid when I try to authenticate (see
> log), could this be the problem, if so, where do I fix it?
> 4. Is it possible to have more arguments of some kind in the service.conf
> file in lib/sasl? Right now the file says
> pwcheck_method:PAM. What more is needed?
> 5. Imtest segfaults. Is this the imapd server segfaulting?
> 
> My problem lies in that I cannot manage to authenticate to cyrus. I've tried
> most things. Here's a transcript of two imtest sessions I've had:
> 
> [tarjei@mailserver log]$ imtest -m login -p imap localhost
> C: C01 CAPABILITY
> S: * OK mailserver Cyrus IMAP4 v2.0.12 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE
> S: C01 OK Completed
> Segmentation fault
> 
> [I have no name!@mailserver log]$ imtest -m plain -p imap localhost
> C: C01 CAPABILITY
> S: * OK mailserver Cyrus IMAP4 v2.0.12 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE
> S: C01 OK Completed
> C: A01 AUTHENTICATE PLAIN
> S: A01 NO no mechanism available
> Authentication failed. generic failure
> Security strength factor: 0
> . logout
> * BYE LOGOUT received
> . OK Completed
> Connection closed.
> [I have no name!@mailserver log]$
> 
> <-- here's a snip from my ldap log -->
> Apr  9 13:15:08 mailserver slapd[14213]: conn=1107 op=1 SEARCH RESULT
> tag=101 err=0 text=
> Apr  9 13:15:08 mailserver slapd[14210]: daemon: conn=1108 fd=34 connection
> from IP=127.0.0.1:3291 (IP=0.0.0.0:389) accepted.
> Apr  9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 BIND
> dn="CN=MANAGER,O=NU,C=NO" method=128
> Apr  9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 RESULT tag=97 err=0
> text=
> Apr  9 13:15:08 mailserver slapd[14616]: conn=1108 op=1 SRCH
> base="o=nu,c=no" scope=2 filter="(&(objectClass=posixAccount)(uidNumber
> =0))"
> <<- It clearly shows that something goes to the server, but not the
> username! (anyone know why?)
> 
> <<-- imapd.conf in /etc -->>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus tarjei
> allowanonymouslogin: no
> allowplaintext: yes
> # To use the PAM for authentication (but not /etc/passwd or shadow), change
> # the following line to specify "pam" instead of "sasldb".
> sasl_pwcheck_method: pam
> 
> <-- cyrus.conf in /usr/lib/sasl: -->
> pwcheck_method:PAM
> 
> Is it possible to have more arguments of some kind in the service.conf file
> in lib/sasl?
> 
> Also here's what I compiled cyrus-imap with:
> ./configure \
> --prefix=/usr \
> --with-openssl=/usr/include/openssl \
> --with-cyrus-prefix=/usr/cyrus \
> --with-sasl \
> --with-openssl=/usr/include/openssl \
> --disable-krb4 \
> --disable-gssapi \
> --with-cyrus-user=cyrus \
> --with-auth=unix \
> --with-perl=/usr \
> --with-cyrus-group=mail
> 
> and cyrus-sasl:
> CC="gcc" \
> ./configure \
> --prefix=/usr \
> --enable-shared \
> --enable-login \
> --without-krb \
> --without-gssapi \
> --disable-anon \
> --enable-static \
> --mandir=/usr/share/man \
> --infodir=/usr/share/info \
> --with-pwcheck_method=PAM \
> --with-pam=/lib/security \
> --enable-plain \
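
An added example, not part of either message above: a small Python parser for slapd log lines in the format quoted in the original post, listing per connection which login names appear in search filters, so you can check whether the username ever reaches the LDAP server. The sample log is constructed (conn=1109 is invented for contrast), and treating `uid` as the login attribute is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd syslog format quoted above (lines unwrapped);
# conn=1109 is invented to show what a lookup by login name would look like.
SAMPLE_LOG = """\
Apr  9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 BIND dn="CN=MANAGER,O=NU,C=NO" method=128
Apr  9 13:15:08 mailserver slapd[14212]: conn=1108 op=0 RESULT tag=97 err=0 text=
Apr  9 13:15:08 mailserver slapd[14616]: conn=1108 op=1 SRCH base="o=nu,c=no" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=0))"
Apr  9 13:15:09 mailserver slapd[14212]: conn=1109 op=0 BIND dn="CN=MANAGER,O=NU,C=NO" method=128
Apr  9 13:15:09 mailserver slapd[14616]: conn=1109 op=1 SRCH base="o=nu,c=no" scope=2 filter="(&(objectClass=posixAccount)(uid=tarjei))"
"""

LINE_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (BIND|SRCH) (.*)$')
FILTER_RE = re.compile(r'filter="([^"]*)"')
DN_RE = re.compile(r'dn="([^"]*)"')
# One (attr=value) equality assertion inside an LDAP filter string.
ASSERT_RE = re.compile(r'\(([A-Za-z][\w;-]*)=([^()]*)\)')


def parse_connections(log_text):
    """Group BIND DNs and search-filter assertions by slapd connection id."""
    conns = defaultdict(lambda: {"bind_dns": [], "assertions": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # RESULT lines and anything that is not a BIND or SRCH
        conn, _op, verb, rest = m.groups()
        if verb == "BIND":
            dn = DN_RE.search(rest)
            if dn:
                conns[int(conn)]["bind_dns"].append(dn.group(1))
        else:
            flt = FILTER_RE.search(rest)
            if flt:
                conns[int(conn)]["assertions"] += [
                    (a.lower(), v) for a, v in ASSERT_RE.findall(flt.group(1))]
    return dict(conns)


def lookups_by_name(conns, login_attr="uid"):
    """Map conn id -> login names searched for; an empty list means none was sent.

    login_attr="uid" is an assumption; use the attribute your PAM/LDAP setup searches on.
    """
    return {c: [v for a, v in info["assertions"] if a == login_attr.lower()]
            for c, info in conns.items()}


if __name__ == "__main__":
    for conn, names in sorted(lookups_by_name(parse_connections(SAMPLE_LOG)).items()):
        print(conn, names or "no login-name lookup on this connection")
```

A connection that binds as the manager DN but only ever searches on `uidNumber` is an account lookup by numeric id, not a lookup of the name typed at the IMAP login.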
