Thanks, but this didn't help ...

peter

On Tue, Nov 27, 2001 at 11:07:29AM -0500, Harry Hoffman wrote:
> Hey Peter,
>   Try this:
> rename sasldb to sasldb.org. I have this problem and I still can't figure
> out why either.
> 
> Regards,
> Harry
> 
> cyradm -u cyrus -a cyrus localhost
> 
> On Tue, 27 Nov 2001, Peter Pilsl wrote:
> 
> > this mail is sent to info-cyrus and cyrus-sasl, because I really don't
> > know where my problem is.
> >
> > cyrus-imapd-2.0.16
> > cyrus-sasl-1.5.27
> >
> > as long as I use 'sasldb'-method for imap-auth all is ok. But as soon
> > as I switch to pam, only user cyrus can login. pam works fine for
> > other apps.
> >
> > I test with #cyradm -U xxx localhost and also with imtest (output of
> > imtest see below) on the background master-process.
> >
> > I tried two pam_modules:
> > pam_pwdb.so and pam_unix.so
> >
> > $cat imap
> > #%PAM-1.0
> > auth       required     /lib/security/pam_pwdb.so shadow nullok
> > account    required     /lib/security/pam_pwdb.so
> >
> > => error in syslog (each error comes twice):
> > Nov 27 15:16:33 server2 pwdb_chkpwd[8867]: could not identify user
> > Nov 27 15:16:33 server2 pwdb_chkpwd[8867]: could not identify user
> >
> > or
> >
> > $cat imap
> > #%PAM-1.0
> > auth        required      /lib/security/pam_unix.so
> > account     required      /lib/security/pam_unix.so
> >
> > => error in syslog (each error comes twice !)
> >  Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication
> > failure; logname= uid=504 euid=504 tty= ruser= r host= user=pilsl
> >  Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication
> > failure; logname= uid=504 euid=504 tty= ruser= r host= user=pilsl
> >
> > where uid is *not* the uid of the user I tried to logon with but the
> > uid of cyrus !!
> >
> > look at the following: I tried to logon as user 'peter' and 'pilsl'
> >
> >  Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication
> > failure; logname= uid=504 euid=504 tty= ruser= r host= user=pilsl
> >  Nov 27 16:23:05 server2 imap(pam_unix)[20615]: authentication
> > failure; logname= uid=504 euid=504 tty= ruser= r host= user=peter
> >
> > the same uid, but different username ! the real uids for these users
> > are 501 and 503 ... and 504 is uid of user 'cyrus' ..  (I tried to
> > fool my problem by giving all users the same passwd like cyrus, but
> > while this is a security-hazard it won't work ..)
> >
> > The same config works fine on other servers and all the other apps
> > like 'su','login' that use pam, work just fine. (so I think it's not a
> > pam-problem)
> >
> > I think there is a problem in saslib, but who am I to know about the
> > in-depth-details ;) ?
> >
> > I recompiled sasl and cyrus and also tried to delete and add the user
> > cyrus and recompile again and again and always the same effect: only
> > the user that holds the uid for which cyrus thinks it is the cyrus-user
> > (actually the cyrus user at compile time) can login.
> >
> > any idea ?
> > I feel doomed here.
> >
> > thnx
> > peter
> >
> > ps: Here comes my imapd.conf, cyrus.conf and output of imtest:
> >
> > # cat /etc/imapd.conf
> > configdirectory: /data/imap/config
> > partition-default: /data/imap/spool
> > admins: cyrus pilsl
> > srvtab: /data/imap/srvtab
> > allowanonymouslogin: no
> > sasl_pwcheck_method: pam
> >
> > # cat /etc/cyrus.conf
> > # standard standalone server implementation
> >
> > START {
> >   # do not delete these entries!
> >   mboxlist      cmd="ctl_mboxlist -r"
> >   deliver       cmd="ctl_deliver -r"
> >
> >   # this is only necessary if using idled for IMAP IDLE
> > #  idled                cmd="idled"
> > }
> >
> > # UNIX sockets start with a slash and are put into /var/imap/sockets
> > SERVICES {
> >   # add or remove based on preferences
> >   imap          cmd="imapd" listen="imap" prefork=0
> >   pop3          cmd="pop3d" listen="pop3" prefork=0
> >
> >   # LMTP is required for delivery
> >   lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> > }
> >
> > EVENTS {
> >   # this is required
> >   checkpoint    cmd="ctl_mboxlist -c" period=30
> >
> >   # this is only necessary if using duplicate delivery suppression
> >   delprune      cmd="ctl_deliver -E 3" period=1440
> > }
> >
> >
> > # imtest -m login -a cyrus localhost
> > C: C01 CAPABILITY
> > S: * OK server2.local Cyrus IMAP4 v2.0.16 server ready
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
> > S: C01 OK Completed
> > Password:
> > C: L01 LOGIN cyrus {4}
> > + go ahead
> > C: <omitted>
> > L01 OK User logged in
> > Authenticated.
> > Security strength factor: 0
> >
> > [root@server2 root]# imtest -m login -a pilsl localhost
> > C: C01 CAPABILITY
> > S: * OK server2.local Cyrus IMAP4 v2.0.16 server ready
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
> > S: C01 OK Completed
> > Password:
> > C: L01 LOGIN pilsl {4}
> > + go ahead
> > C: <omitted>
> > L01 NO Login failed: authentication failure
> > Authentication failed. generic failure
> > Security strength factor: 0
> >
> >
> >
> >
> > --
> > mag. peter pilsl
> >
> > phone: +43 676 3574035
> > fax  : +43 676 3546512
> > email: [EMAIL PROTECTED]
> > sms  : [EMAIL PROTECTED]
> >
> > pgp-key available
> >
> 

-- 
mag. peter pilsl

phone: +43 676 3574035
fax  : +43 676 3546512
email: [EMAIL PROTECTED]
sms  : [EMAIL PROTECTED]

pgp-key available
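
The syslog pattern pointed out in the quoted post (every pam_unix failure logged with uid=504 euid=504, the cyrus account, whichever user was tried) can be checked mechanically. This is an added example, not part of the original thread: it parses pam_unix failure lines and groups the target users by the non-root process that called PAM. The first two sample lines are the ones quoted in the post, unwrapped; the third is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines 1-2: the failures quoted in the post, unwrapped to one line each.
# Line 3: constructed, a root caller (login) added for contrast.
SAMPLE = """\
Nov 27 16:22:51 server2 imap(pam_unix)[20608]: authentication failure; logname= uid=504 euid=504 tty= ruser= rhost= user=pilsl
Nov 27 16:23:05 server2 imap(pam_unix)[20615]: authentication failure; logname= uid=504 euid=504 tty= ruser= rhost= user=peter
Nov 27 16:30:02 server2 login(pam_unix)[20700]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=peter
"""

FAILURE = re.compile(
    r"(?P<svc>[\w.-]+)\(pam_unix\)\[\d+\]: authentication failure; (?P<kv>.*)")

def parse_failures(log):
    """Return one dict per pam_unix failure: service, caller uid/euid, target user."""
    events = []
    for line in log.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue
        # key=value pairs; empty values (logname=, tty=) parse as "".
        kv = dict(re.findall(r"(\w+)=(\S*)", m.group("kv")))
        if not (kv.get("uid", "").isdigit() and kv.get("euid", "").isdigit()):
            continue  # malformed or truncated line
        events.append({"service": m.group("svc"), "uid": int(kv["uid"]),
                       "euid": int(kv["euid"]), "user": kv.get("user", "")})
    return events

def non_root_callers(events):
    """Map (service, caller euid) -> target users, for callers not running as root.

    uid/euid in these lines belong to the process that called PAM, not to the
    user being authenticated. Assumption: /etc/shadow has default permissions,
    so a non-root caller cannot read other users' hashes directly.
    """
    grouped = defaultdict(set)
    for e in events:
        if e["euid"] != 0:
            grouped[(e["service"], e["euid"])].add(e["user"])
    return {key: sorted(users) for key, users in grouped.items()}

if __name__ == "__main__":
    for (svc, euid), users in non_root_callers(parse_failures(SAMPLE)).items():
        print(f"{svc}: PAM called as euid {euid} for users {', '.join(users)}")
```
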
