Bug 50330 - Shadow password user authentication does not work
Summary: Shadow password user authentication does not work
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: cyrus-imapd
Version: 7.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-07-30 15:04 UTC by Christopher Wong
Modified: 2008-05-01 15:38 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2003-04-08 18:43:52 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Christopher Wong 2001-07-30 15:04:39 UTC 
I wanted cyrus-imapd to use the Unix password files for

authentication. To give imapd access to /etc/shadow, I put user "cyrus"

into a group "shadow" that has read privileges for /etc/shadow. I

verified that user "cyrus" can read /etc/shadow by logging in as "cyrus"

and viewing the file. I modified the sasl_pwcheck_method line in

/etc/imapd.conf to:



	sasl_pwcheck_method: shadow



This should have done the trick, as these are the popular work-arounds

that are commonly cited. But Cyrus refused to authenticate. It *will*

use the shadow passwords if I set /etc/shadow to be world readable, but

that is obviously not acceptable. I finally set /usr/cyrus/bin/imapd to

belong to group "shadow" with g+s mode, and this arrangement does

work. But Cyrus-IMAP really should work out of the box without this

undocumented (and probably unrecommended) fiddling with imapd's mode

bits and ownership.
Comment 1 Christopher Wong 2003-04-08 18:43:52 UTC 
Red Hat no longer ships cyrus-imapd. Subsequent third-party RPMs if cyrus-imapd 
fixed this bug.
Note You need to log in before you can comment on or make changes to this bug.