Hey Peter,

Try this: rename sasldb to sasldb.org. I have this problem and I still can't figure out why either.

Regards,
Harry

cyradm -u cyrus -a cyrus localhost

On Tue, 27 Nov 2001, Peter Pilsl wrote:

> this mail is sent to info-cyrus and cyrus-sasl, because I really don't
> know where my problem is.
>
> cyrus-imapd-2.0.16
> cyrus-sasl-1.5.27
>
> as long as I use 'sasldb'-method for imap-auth all is ok. But as soon
> as I switch to pam, only user cyrus can login. pam works fine for
> other apps.
>
> I test with #cyradm -U xxx localhost and also with imtest (output of
> imtest see below) on the background master-process.
>
> I tried two pam_modules:
> pam_pwdb.so and pam_unix.so
>
> $cat imap
> #%PAM-1.0
> auth required /lib/security/pam_pwdb.so shadow nullok
> account required /lib/security/pam_pwdb.so
>
> => error in syslog (each error comes twice):
> Nov 27 15:16:33 server2 pwdb_chkpwd[8867]: could not identify user
> Nov 27 15:16:33 server2 pwdb_chkpwd[8867]: could not identify user
>
> or
>
> $cat imap
> #%PAM-1.0
> auth required /lib/security/pam_unix.so
> account required /lib/security/pam_unix.so
>
> => error in syslog (each error comes twice !)
> Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication
> failure; logname= uid=504 euid=504 tty= ruser= r host= user=pilsl
> Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication
> failure; logname= uid=504 euid=504 tty= ruser= r host= user=pilsl
>
> where uid is *not* the uid of the user I tried to logon with but the
> uid of cyrus !!
>
> look at the following: I tried to logon as user 'peter' and 'pilsl'
>
> Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication
> failure; logname= uid=504 euid=504 tty= ruser= r host= user=pilsl
> Nov 27 16:23:05 server2 imap(pam_unix)[20615]: authentication
> failure; logname= uid=504 euid=504 tty= ruser= r host= user=peter
>
> the same uid, but different username ! the real uids for these users
> are 501 and 503 ... and 504 is uid of user 'cyrus' ..
> (I tried to
> fool my problem by giving all users the same passwd like cyrus, but
> while this is a security-hazard it won't work ..)
>
> The same config works fine on other servers and all the other apps
> like 'su','login' that use pam, work just fine. (so I think it's not a
> pam-problem)
>
> I think there is a problem in saslib, but who am I to know about the
> in-depth-details ;) ?
>
> I recompiled sasl and cyrus and also tried to delete and add the user
> cyrus and recompile again and again and always the same effect: only
> the user that holds the uid for which cyrus thinks it the cyrus-user
> (actually the cyrususer at compiletime) can login.
>
> any idea ?
> I feel doomed here.
>
> thnx
> peter
>
> ps: Here comes my imapd.conf, cyrus.conf and output of imtest:
>
> # cat /etc/imapd.conf
> configdirectory: /data/imap/config
> partition-default: /data/imap/spool
> admins: cyrus pilsl
> srvtab: /data/imap/srvtab
> allowanonymouslogin: no
> sasl_pwcheck_method: pam
>
> # cat /etc/cyrus.conf
> # standard standalone server implementation
>
> START {
> # do not delete these entries!
> mboxlist cmd="ctl_mboxlist -r"
> deliver cmd="ctl_deliver -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idled cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/sockets
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> pop3 cmd="pop3d" listen="pop3" prefork=0
>
> # LMTP is required for delivery
> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
>
> EVENTS {
> # this is required
> checkpoint cmd="ctl_mboxlist -c" period=30
>
> # this is only necessary if using duplicate delivery suppression
> delprune cmd="ctl_deliver -E 3" period=1440
> }
>
>
> # imtest -m login -a cyrus localhost
> C: C01 CAPABILITY
> S: * OK server2.local Cyrus IMAP4 v2.0.16 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
>NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
>IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN cyrus {4}
> + go ahead
> C: <omitted>
> L01 OK User logged in
> Authenticated.
> Security strength factor: 0
>
> [root@server2 root]# imtest -m login -a pilsl localhost
> C: C01 CAPABILITY
> S: * OK server2.local Cyrus IMAP4 v2.0.16 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
>NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
>IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN pilsl {4}
> + go ahead
> C: <omitted>
> L01 NO Login failed: authentication failure
> Authentication failed. generic failure
> Security strength factor: 0
>
>
>
>
> --
> mag. peter pilsl
>
> phone: +43 676 3574035
> fax : +43 676 3546512
> email: [EMAIL PROTECTED]
> sms : [EMAIL PROTECTED]
>
> pgp-key available
>
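An added example, not part of either poster's message: in a pam_unix failure line, uid= and euid= belong to the process that called PAM, while user= is the account being checked. The sketch below groups such lines by calling service and uid to show which services run their PAM checks without root; the log sample is constructed in the shape of the lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the pam_unix lines quoted in the thread.
SAMPLE_LOG = """\
Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication failure; logname= uid=504 euid=504 tty= ruser= rhost=  user=pilsl
Nov 27 16:23:05 server2 imap(pam_unix)[20615]: authentication failure; logname= uid=504 euid=504 tty= ruser= rhost=  user=peter
Nov 27 16:25:40 server2 su(pam_unix)[20702]: authentication failure; logname=peter uid=501 euid=0 tty=pts/1 ruser=peter rhost=  user=root
Nov 27 16:26:02 server2 imap(pam_unix)[20710]: session opened for user cyrus by (uid=0)
"""

LINE_RE = re.compile(
    r"(?P<service>[\w.-]+)\(pam_unix\)\[\d+\]: authentication failure;(?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # empty values such as 'tty=' are kept


def parse_failures(text):
    """Return one dict per pam_unix 'authentication failure' line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        f = dict(FIELD_RE.findall(m.group("fields")))
        if not (f.get("uid", "").isdigit() and f.get("euid", "").isdigit()):
            continue  # malformed line: skip rather than guess
        out.append({"service": m.group("service"), "uid": int(f["uid"]),
                    "euid": int(f["euid"]), "user": f.get("user", "")})
    return out


def non_root_callers(failures):
    """Map (service, uid, euid) -> target users, for callers with euid != 0."""
    groups = defaultdict(set)
    for f in failures:
        if f["euid"] != 0:
            groups[(f["service"], f["uid"], f["euid"])].add(f["user"])
    return {key: sorted(users) for key, users in groups.items()}


if __name__ == "__main__":
    for (svc, uid, euid), users in non_root_callers(parse_failures(SAMPLE_LOG)).items():
        print(f"{svc}: PAM called as uid={uid} euid={euid} for users {', '.join(users)}")
```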