As you noted with your log entries, the uid is always getting set to the
cyrus user. To me, this indicates that it is the issue with pam not
allowing the cyrus user to look at the other passwords. I am not sure
what is going on with your other machines (are they using the same pam
configuration?). Perhaps master is running as root on those boxes?
As for the applications like su and login, su is suid so it can change
uid because it runs with superuser privlidges. login normally runs as
root, and I'm not sure you actually can change uid in login if it is not
running as root.
Peter Pilsl wrote:
> While this is an interesting point cause master is running as user
> cyrus, I'm sure this is not the problem cause it works on different
> machines, where cyrus is not member of any special group ...
>
> thnx a lot,
> peter
>
>
> On Tue, Nov 27, 2001 at 11:46:28AM -0500, Todd Nemanich wrote:
>
>>I believe both of these pam modules only allow the superuser to check
>>other user's passwords. Since the server runs as user cyrus, then only
>>the cyrus user can check its password. I think you will need to use a
>>pwcheck/saslauthd daemon to check passwords in /etc/passwd or /etc/shadow.
>>
