Bug 50330 - Shadow password user authentication does not work
Shadow password user authentication does not work
Product: Red Hat Powertools
Classification: Retired
Component: cyrus-imapd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Depends On:
  Show dependency treegraph
Reported: 2001-07-30 11:04 EDT by Christopher Wong
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-04-08 14:43:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Christopher Wong 2001-07-30 11:04:39 EDT
I wanted cyrus-imapd to use the Unix password files for

authentication. To give imapd access to /etc/shadow, I put user "cyrus"

into a group "shadow" that has read privileges for /etc/shadow. I

verified that user "cyrus" can read /etc/shadow by logging in as "cyrus"

and viewing the file. I modified the sasl_pwcheck_method line in

/etc/imapd.conf to:

	sasl_pwcheck_method: shadow

This should have done the trick, as these are the popular work-arounds

that are commonly cited. But Cyrus refused to authenticate. It *will*

use the shadow passwords if I set /etc/shadow to be world readable, but

that is obviously not acceptable. I finally set /usr/cyrus/bin/imapd to

belong to group "shadow" with g+s mode, and this arrangement does

work. But Cyrus-IMAP really should work out of the box without this

undocumented (and probably unrecommended) fiddling with imapd's mode

bits and ownership.
Comment 1 Christopher Wong 2003-04-08 14:43:52 EDT
Red Hat no longer ships cyrus-imapd. Subsequent third-party RPMs if cyrus-imapd 
fixed this bug. 

Note You need to log in before you can comment on or make changes to this bug.