Re: how to *not* use PAM, but sasldb2 on fedora core 5 (coming from BSD)

Fri, 31 Mar 2006 11:47:28 -0800 

Am Di, den 28.03.2006 schrieb Timo Schoeler um 18:10:

> i'm in the not-so-lucky (at least for me ;) situation to set up a FC5
> imap server.
> 
> it wants to use PAM, which runs fine for me on NetBSD 3.0 e.g., but
> this linux box won't do it:
> 
> Mar 28 11:58:48 www perl: No worthy mechs found
> Mar 28 11:58:52 www saslauthd[3238]: do_auth         : auth failure:
> [user=cyrus] [service=imap] [realm=localdomain] [mech=pam] [reason=PAM
> auth error
> 
> (this is while trying 'cyradm -u cyrus localhost')
> 
> the mechs are installed:
> 
> cyrus-sasl.i386                         2.1.21-10
> cyrus-sasl-lib.i386                   2.1.21-10
> cyrus-sasl-md5.i386                     2.1.21-10
> cyrus-sasl-plain.i386                 2.1.21-10
> cyrus-sasl-devel.i386                 2.1.21-10
> cyrus-sasl-gssapi.i386                        2.1.21-10
> cyrus-sasl-ldap.i386                  2.1.21-10
> cyrus-sasl-ntlm.i386                  2.1.21-10
> cyrus-sasl-sql.i386                   2.1.21-10

I would

yum remove cyrus-sasl-sql cyrus-sasl-ntlm cyrus-sasl-ldap
cyrus-sasl-gssapi

as those packages aren't needed for your setup. This way some mechs
aren't probed and you'll have no error log messages from them.

> so, has anyone running this setup (FC5, postfix, cyrus, managing mail 
> users via saslpasswd & friends) running, and if so, how does one get there?

> timo

Pretty easy to do what you want:

1) service saslauthd stop
2) chkconfig saslauthd off
3) vi /usr/lib/sasl2/smtpd.conf
    -> pwcheck_method: auxprop
    -> auxprop_plugin: sasldb
    -> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5   [just set those you
want to offer]
4) postfix reload
5) saslpasswd2 -c -u localdomain cyrus   [omit "-u" if it should your
`hostname`]
     add more users as required
6) chown root:mail /etc/sasldb2
7) chmod 640 /etc/sasldb2
8) vi /etc/imapd.conf
    -> sasl_pwcheck_method: auxprop
    -> sasl_auxprop_plugin: sasldb
    -> sasl_mech_list: login plain cram-md5 digest-md5   [just those
mechs to allow]
9) service cyrus-imapd restart

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 21:14:11 up 17 days, 22:01, load average: 0.05, 0.07, 0.07

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to