Hi,
I'm not sure what a "realm" is (I don't know much about SASL, or anything about PAM), but this doesn't seem like it should be a tricky Cyrus-IMAP configuration.
What happens if you drop the "-r example.com" from your tests, and instead specify the username as the fully-qualified "test@xxxxxxxxxxx"?
What's your imapd.conf setting for "virtdomains"? Note that if this is unspecified, the default is "off" (for historical reasons...), but "off" is not recommended for any deployment. You probably want "virtdomains: userid" -- which ought to be the only option, but cannot be right now (for historical reasons...).
If you can drop use of realms entirely, then getting virtdomains set correctly and using fully-qualified userids might get you going. But maybe PAM requires the use of realms, and you can't drop them, in which case maybe this isn't helpful.
On Mon, 24 Jul 2023, at 3:59 AM, Richard wrote:
The log message suggests that the user is being passed, but the realm is not. Which makes no sense to me.
It might be that the Cyrus-IMAP implementation assumes a configuration like the above, and so nobody got around to figuring out how to do realms properly/at all. I seem to recall others asking about PAM and/or realms recently, probably on the SASL list, but I don't remember there having been a good answer.
Cheers,
ellie
