Red Hat Bugzilla – Bug 11573
Authentication Fails when logging into cyrus-imapd
Last modified: 2008-05-01 11:37:55 EDT
Why no cyrus-imapd component to powertools-6.2??? The rpm's are there!!
On RedHat Linux 6.1.
After a download/compile/install of:
I can't login to the imapd server.
From my understanding PAM is the default auth method. And even with
"sasl_pwcheck_method: PAM" added to the /etc/imapd.conf I still can't
This is what "imtest -m login -p imap localhost" produces:
S: * OK binary.deeper.co.nz Cyrus IMAP4 v1.6.19 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=PLAIN AUTH=DIGEST-MD5
S: C01 OK Completed
+ go ahead
<<pause for 3 seconds or so>>
L01 NO Login failed. Error=-13
Security strength factor: 0
All in all very strange.
This is an unfortunate interaction of PAM and the Cyrus SASL library. The
pam_unix and pam_pwdb modules use setuid-root helpers to check passwords, but
due to security concerns, a program executing as any user other than root can
only authenticate for the user it is running as (in this case, "cyrus", the
user the imap server is executing as).
Changing this behavior in PAM would weaken the security of the pam_unix and
pam_pwdb modules, so I'm reluctant to make such a change. It may very well
work properly using pam_radius, pam_krb5, or pam_userdb.
Well this leads me in the right direction I guess. I'm intending on playing
with pam_ldap. Would this be a suitable variant to try? It doesn't require on
setuid programs does it?
No, not that I'm aware of. Please follow up if this does in fact work for you.
With more experience using it, I can now verify that pam_ldap should work in
this situation. Closing this bug report.
Indeed it does. I've been using pam_ldap with cyrus for some time now.
Performance is much much much better than wu-imapd. I personally believe RedHat
should package cyrus with RedHat Linux rather than wu-imapd. I notice that the
imap daemon has changed in the latest (7.x) releases but I do not have
experience with it.
The benefits cyrus provides include superior performance, more security with
TLS/SSL support, non shell login mail accounts, ldap integration, integrated
email filtering with SIEVE and more.