Hide Forgot
Why no cyrus-imapd component to powertools-6.2??? The rpm's are there!! On RedHat Linux 6.1. After a download/compile/install of: cyrus-imapd-1.6.19-2.src.rpm cyrus-sasl-1.5.11-2.src.rpm I can't login to the imapd server. From my understanding PAM is the default auth method. And even with "sasl_pwcheck_method: PAM" added to the /etc/imapd.conf I still can't login. This is what "imtest -m login -p imap localhost" produces: S: * OK binary.deeper.co.nz Cyrus IMAP4 v1.6.19 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=PLAIN AUTH=DIGEST-MD5 UNSELECT S: C01 OK Completed Password: + go ahead <<pause for 3 seconds or so>> L01 NO Login failed. Error=-13 Authenticated. Security strength factor: 0 All in all very strange.
This is an unfortunate interaction of PAM and the Cyrus SASL library. The pam_unix and pam_pwdb modules use setuid-root helpers to check passwords, but due to security concerns, a program executing as any user other than root can only authenticate for the user it is running as (in this case, "cyrus", the user the imap server is executing as). Changing this behavior in PAM would weaken the security of the pam_unix and pam_pwdb modules, so I'm reluctant to make such a change. It may very well work properly using pam_radius, pam_krb5, or pam_userdb.
Well this leads me in the right direction I guess. I'm intending on playing with pam_ldap. Would this be a suitable variant to try? It doesn't require on setuid programs does it?
No, not that I'm aware of. Please follow up if this does in fact work for you.
With more experience using it, I can now verify that pam_ldap should work in this situation. Closing this bug report.
Indeed it does. I've been using pam_ldap with cyrus for some time now. Performance is much much much better than wu-imapd. I personally believe RedHat should package cyrus with RedHat Linux rather than wu-imapd. I notice that the imap daemon has changed in the latest (7.x) releases but I do not have experience with it. The benefits cyrus provides include superior performance, more security with TLS/SSL support, non shell login mail accounts, ldap integration, integrated email filtering with SIEVE and more.