I have been running cyrus-imapd for over a month without any problems.
This week, I suddenly started to receive authentication errors when
trying to logon to the imap server to check mail. All (two) users are
affected. The only thing that I think has changed with the system is
upgrading of either/both pam and cyrus-imapd from Ximian's red-carpet
update tool (I don't remember which of these packages and when they were
installed). I am running RedHat 7.1 on i386 with the cyrus-imapd-2.0.9-3
and pam-0.75-14 packages. From the archives, I followed a tip to change
the group of the /etc/shadow and /usr/cyrus/bin/imapd files to shadow
and to add read rights to group pn /etc/shadow. This did not help.
Here are the errors as reported in the messages file:
...
Dec 11 02:29:30 localhost master[2046]: process started
Dec 11 02:29:30 localhost ctl_mboxlist[2048]: running mboxlist recovery
Dec 11 02:29:30 localhost ctl_mboxlist[2048]: done running mboxlist
recovery
Dec 11 02:29:31 localhost master[2046]: no service 'sieve' in
/etc/services, disabling sieve
Dec 11 02:29:31 localhost master[2046]: ready for work
Dec 11 02:29:31 localhost ctl_mboxlist[2050]: checkpointing mboxlist
Dec 11 02:29:31 localhost pidof: 2046
Dec 11 02:29:31 localhost cyrus: succeeded
Dec 11 02:29:48 localhost kernel: usb-uhci.c: interrupt, status 3,
frame# 1684
Dec 11 02:30:09 localhost imap(pam_unix)[2056]: authentication failure;
logname= uid=76 euid=76 tty= ruser= rhost= user=jshep
...
imtest output:
> imtest -a jshep shep
C: C01 CAPABILITY
S: * OK shep Cyrus IMAP4 v2.0.9 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE X-NETSCAPE
S: C01 OK Completed
Password:
C: L01 LOGIN jshep {8}
+ go ahead
C: <omitted>
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
My /etc/imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
# To use the PAM for authentication (but not /etc/passwd or shadow),
change
# the following line to specify "pam" instead of "sasldb".
sasl_pwcheck_method: pam
My /etc/pam.d/imap:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
My /etc/cyrus.conf:
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd="ctl_mboxlist -r"
deliver cmd="ctl_deliver -r"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="/usr/cyrus/bin/imapd" listen="imap" prefork=0
imaps cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=0
pop3 cmd="/usr/cyrus/bin/pop3d" listen="pop3" prefork=0
pop3s cmd="/usr/cyrus/bin/pop3d -s" listen="pop3s" prefork=0
sieve cmd="/usr/cyrus/bin/timsieved" listen="sieve" prefork=0
# at least one LMTP listener is required for proper delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="/usr/cyrus/bin/lmtpd" listen="/var/imap/socket/lmtp"
prefork=0
}
EVENTS {
# this is required
checkpoint cmd="ctl_mboxlist -c" period=30
# this is only necessary if using duplicate delivery suppression
#delprune cmd="ctl_deliver -E 3" period=1440
}
I am not stuck on using pam, I would just like to have the imap server
use regular login passwords for authentication. Thanks for any help.
-Jim
