PAM users,
I can get Cyrus-IMAPd-2.0.13 running well using /etc/passwd for authentication, and
now wish to get it running under PAM. I set up the /etc/imapd.conf file to have the
right pwcheck_method, but it does not want to work and logs to syslog:
May 29 18:05:50 milly-test imapd[7951]: unrecognized plaintext verifier PAM
# cat /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root sysadmin
sasl_pwcheck_method: PAM
pwcheck_method: PAM
allowplaintext: yes
allowanonymouslogin: no
singleinstancestore: yes
hashimapspool: true
sievedir: /usr/sieve
Going back to the start, and re-compiling Cyrus-SASL-1.5.24, I notice that it cant
find PAM and/or does not configure it. Is there something wrong here, and is it the
cause of my authentication problems?
# ./configure --with-prefix=/usr \
--with-pam \
--with-dblib=berkeley \
--with-dbpath=/usr/include/db3
creating cache ./config.cache
checking host system type... i686-pc-linux-gnu
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... found
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for a BSD compatible install... /usr/bin/install -c
checking for __attribute__... yes
checking for runpath switch... -Wl,-rpath,
checking build system type... i686-pc-linux-gnu
checking for ranlib... ranlib
checking for ld used by GCC... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
updating cache ./config.cache
loading cache ./config.cache within ltconfig
checking for object suffix... o
checking for executable suffix... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.lo... yes
checking if gcc supports -fno-rtti -fno-exceptions ... yes
checking if gcc static flag -static works... -static
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking whether the linker (/usr/bin/ld) supports shared libraries... yes
checking command to parse /usr/bin/nm -B output... ok
checking how to hardcode library paths into programs... immediate
checking for /usr/bin/ld option to reload object files... -r
checking dynamic linker characteristics... Linux ld.so
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking for objdir... .libs
creating libtool
updating cache ./config.cache
loading cache ./config.cache
checking DB path to use... /usr/include/db3
checking for db.h... yes
checking for db_create in -ldb-3... no
checking for db_create in -ldb... yes
checking DB library to use... berkeley
checking for dlopen in -ldl... yes
checking for syslog... yes
checking for crypt... no
checking for crypt in -lcrypt... yes
checking for connect... yes
checking for pam_start in -lpam... no
checking PAM support... no <-------
checking CRAM-MD5... enabled
checking SCRAM-MD5... disabled
checking for des_pcbc_encrypt in -ldes... no
checking for RSAPublicEncrypt in -lrsaref... no
checking for des_pcbc_encrypt in -lcrypto... yes
checking for openssl/des.h... yes
checking DIGEST-MD5... enabled
checking for res_search in -lresolv... yes
checking for krb.h... no
configure: warning: No Kerberos V4 found
checking KERBEROS_V4... disabled
checking for gssapi.h... no
checking for gssapi/gssapi.h... no
configure: warning: Disabling GSSAPI
checking GSSAPI... disabled
checking ANONYMOUS... enabled
checking PLAIN... enabled
checking LOGIN... disabled
checking SRP... disabled
checking X509... disabled
checking for rc4_init in -lrc4... no
checking for RSAPublicEncrypt in -lrsaref... (cached) no
checking for RC4_set_key in -lcrypto... yes
checking for openssl/rc4.h... yes
checking rc4 support... openssl
checking for dirent.h that defines DIR... yes
checking for opendir in -ldir... no
checking for ANSI C header files... yes
checking for strchr... yes
checking for memcpy... yes
checking for getpwnam... yes
checking for getspnam... yes
checking for gettimeofday... yes
checking for getsubopt... yes
checking for snprintf... yes
checking for vsnprintf... yes
checking for getopt.h... yes
checking for unistd.h... yes
checking for crypt.h... yes
checking for pwd.h... yes
checking for shadow.h... yes
checking for paths.h... yes
checking for working const... yes
checking for inline... inline
checking for sfio.h... no
checking for getdomainname... yes
checking for getpassphrase... no
checking for getpid... yes
updating cache ./config.cache
creating ./config.status
creating Makefile
creating include/Makefile
creating lib/Makefile
creating plugins/Makefile
creating utils/Makefile
creating doc/Makefile
creating sample/Makefile
creating java/Makefile
creating java/CyrusSasl/Makefile
creating pwcheck/Makefile
creating man/Makefile
creating config.h
This is on a Redhat 7.0 machine.
# locate pam_appl.h
/usr/include/security/pam_appl.h
/usr/share/doc/pam-0.74/html/pam_appl.html
# cat /etc/pam.d/imap
auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_unix_passwd.so
session required /lib/security/pam_unix_session.so
As you can see I only want to do basic unix_auth to start with, then use a BerkleyDB
and MySQL.
I am going crazy with this one and have not found much help to do with PAM in the
archive (perhaps it is THAT obvious).
Thanks in advance, Stuart.
