On Wed, 6 Feb 2008, Walton, Bryan wrote:

> I'm running Cyrus IMAP 2.2.13. In my imapd.conf, I've set the line:
> sasl_pwcheck_method: saslauthd
>
> I've configured saslauthd with:
> MECHANISMS="pam"
>
> And I've configured pam to work with my LDAP servers. This all seems to
> work great for user authentication to IMAP accounts, and I'm happy with
> that.
>
> I've read in other places online that when using the cyradm tool (as
> user cyrus), that when prompted for the IMAP password, this will only
> authenticate against the SASL database, in spite of my configuration
> settings above. Is this correct? I ask because it doesn't seem so in
> practice. I've created a password entry in sasldb2 for the user
> cyrus, using saslpasswd2. However, if I become the cyrus user and then
> issue the following command:
>
> cyradm --user cyrus localhost
>
> my authentication fails. My logs report that my LDAP directory didn't
> find a cyrus user (which is true of course, because I haven't yet
> created one in LDAP).
>
> So, in sum, is it possible to configure my IMAP server as I have done,
> yet still have cyradm only authenticate via a local password stored in
> sasldb2? If I have to create a cyrus user in my LDAP directory, I can.
> But I would prefer not.

cyradm still connects to the same IMAP server, so the IMAP server is still
going to authenticate against saslauthd.

I use a similar setup here with saslauthd and pam_ldap. However, I
modified my /etc/pam.d/imap file to include pam_unix as well. This allows
me to authenticate as the cyrus user (a local system user in /etc/passwd).
It also allows me to create various service accounts for Cyrus (for use in
LMTP auth and Murder) without polluting the LDAP namespace.

Andy
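
A sketch of the PAM stack the reply describes, added here as an example; it is not the poster's actual file. The module order, the control flags and the `use_first_pass` option are assumptions about one common way to combine pam_unix with pam_ldap, and module paths and option support vary by distribution.

```conf
# /etc/pam.d/imap  (example layout, not taken from the original message)
#
# saslauthd with MECHANISMS="pam" hands the login and password that imapd
# received to PAM under the service name "imap", so this file decides
# which back ends are consulted for IMAP logins and for cyradm.

# Local accounts first: the cyrus admin user and any Cyrus service
# accounts that exist only in /etc/passwd and /etc/shadow.
# "sufficient" ends the auth stack on success; on failure PAM moves on.
auth     sufficient  pam_unix.so

# Everyone else is checked against the directory. use_first_pass reuses
# the password already collected above instead of prompting again, which
# matters because saslauthd cannot answer a second prompt interactively.
auth     required    pam_ldap.so use_first_pass

# Account phase mirrors the auth phase: a valid local account passes,
# otherwise the LDAP account must be valid (not expired or locked).
account  sufficient  pam_unix.so
account  required    pam_ldap.so

# Check each path through saslauthd before trying cyradm:
#   testsaslauthd -u cyrus -p '<password>' -s imap
#   testsaslauthd -u <ldap-user> -p '<password>' -s imap
```

With pam_unix in the stack, every local account that has a usable password can authenticate to IMAP, not only cyrus, so keep password-bearing local accounts on the mail server to the service accounts that need them. The sasldb2 entry created with saslpasswd2 is not consulted on this path, because `sasl_pwcheck_method: saslauthd` sends plaintext logins to saslauthd.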