Hello, My authentication problem is in the saslauthd -> PAM part. I think I need to configure PAM to use SASL and /etc/sasldb2 file to authenticate users. It look like it is currently checking for UNIX username / pass:
May 17 15:48:13 localhost unix_chkpwd[28032]: check pass; user unknown May 17 15:48:13 localhost imap(pam_unix)[28018]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= May 17 15:48:15 localhost saslauthd[28018]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure May 17 15:48:15 localhost saslauthd[28018]: do_auth : auth failure: [user=feedback] [service=imap] [realm=my-domain.com] [mech=pam] [reason=PAM auth error] My /etc/pam.d/imap file looks like this: # cat /etc/pam.d/imap #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth I looked at /lib/security/pam_*.so shared libs, but didn't see anything with *sasl* in the name. How should I configure PAM to use SASL and /etc/sasldb2? I think that is what I need to do. Thanks! Otis P.S. Example of OK when UNIX account exists, and NO when it doesn't: # man /usr/sbin/testsaslauthd # /usr/sbin/testsaslauthd -u feedback -p XXX 0: OK "Success." # userdel feedback # /usr/sbin/testsaslauthd -u feedback -p XXX 0: NO "authentication failed" --- [EMAIL PROTECTED] wrote: > Hello, > > (I think this message got pushed down by the recent list spam, so I'm > resending it, hoping it will catch somebody's attention) > > I'm trying to configure Cyrus IMAP (cyrus-imapd-2.2.6-2.FC3.6 - > Fedora > Code 3 package) to serve multiple domains. I have it accept email > from > Postfix when I don't use multiple (virtual) domains, but not with > "virtdomains: yes" in /etc/imapd.conf. > > Here is what I have in /etc/imapd.conf: > > ... <standard stuff taken out> ... > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem > tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem > tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt > > # OG: added > virtdomains: on > defaultdomain: my-domain.com > unixhierarchysep: 1 > loginrealms: localdomain my-domain.com > > If I comment out the last 4 lines, then I _can_ create new mailboxes > with cyradm (e.g. createmailbox user.otis.Trash). However, I need > this > server to serve email for multiple domains, so I need to be able to > do > "cm user/[EMAIL PROTECTED]") > > I've followed this: > > http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html > > But that results in this: > > cyradm -u cyrus localhost 143 > IMAP Password: > localhost.localdomain> cm [EMAIL PROTECTED] > createmailbox: Invalid mailbox name > > I also tried this: > > localhost.localdomain> cm user/[EMAIL PROTECTED] > createmailbox: Invalid mailbox name > > I presume that's because Cyrus doesn't know about "my-domain.com". > How > do I tell it about "my-domain.com"? > > I also read this: > http://www.phildev.net/cyrus/cyrus_sasl.html > > But that had a few errors, so I gave up around half of the job. > Perhaps Cyrus and cyradm would know about "my-domain.com" if I called > cyradm like this: > > cyradm -u cyrus my-domain.com 143 > > ? > I tried that, but my-domain.com domain is not really configured yet > (DNS points to a different, old machine), so I can't really try that. > > Any help would be appreciated. > > Thanks, > Otis > P.S. > Similar thread is here, but this doesn't seem to work for me: > http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=35013 > > --- > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
