On Mon, 2004-05-10 at 05:15, David Collantes wrote:
On 5/9/2004 7:53 AM, Chris Kloiber wrote:
Nope, I just beat it to death (learned all I know now about it in the last 2-3 hours) and I successfully used our official packages without users being listed in /etc/passwd or /etc/shadow by using sasldb authentication. I followed the instructions here:
http://asg.web.cmu.edu/cyrus/download/imapd/install.html
(specifically the "Authenticating Users" section)
Can you (or anyone who knows) explain this in more detail? The pointer to the page, specifically that section, doesn't really cut it. The way imap.conf comes with FC2T3 is:
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN
As we all know. Also, the file on /etc/sysconfig/saslauthd contains (among others):
MECH=shadow
With very little documentation about what was done on FC2T3, I created a password for imap admin user cyrus (listed on /etc/imapd.conf as "admins: cyrus"), --passwd cyrus--, su to it --su cyrus-- and after 'cyradm localhost', authenticating with the previously set password, I was ready to add users. Now those users had to be created on the system as regular users as well, just like cyrus is. And, of course, saslauthd must be running, and so must cyrus-imap.
The above procedures work. Proved. But, as some already noticed, the users created with cyradm must also be present on /etc/passwd and /etc/shadow and /etc/groups... in other words, they must be users of the system, even 'shell-less' ones, doesn't matter, they must be real users.
So, can you, or anyone, detail as simply as I just did, how to accomplish the userless (using /etc/sasldb or sasldb2) scenario?
/etc/imapd.conf:
    sasl_pwcheck_method: auxprop
    sasl_mech_list: PLAIN
Turn off saslauthd if nothing else is using it.
Run, and create a password:
    # touch /etc/sasldb2
    # chown cyrus /etc/sasldb2
    # saslpasswd2 cyrus
    # service cyrus-imapd restart
    # cyradm --user cyrus localhost
Then log in with the password you created with saslpasswd2. I was able to create mailboxes for users with no entries in /etc/passwd on the system, and access them from Evolution. I was *NOT* able to delete those accounts using 'dm username'; I keep getting 'permission denied'. That's something I'm probably not doing right.
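
An added example, not part of the thread: a small shell check that reads an imapd.conf and the saslauthd sysconfig file, reports which of the two setups discussed above is in effect, and flags a sasldb file that other users can read (a file created with touch under umask 022 is mode 644). The function names, output labels and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which password backend a Cyrus
# imapd.conf selects and whether the sasldb file is readable by other users.

conf_value() {  # conf_value KEY FILE: last "KEY: value" setting in an imapd.conf
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" "$2" | tail -n 1
}

cyrus_auth_report() {  # args: imapd.conf, saslauthd sysconfig file, sasldb file
    method=$(conf_value sasl_pwcheck_method "$1")
    case "$method" in
    saslauthd)
        mech=$(sed -n 's/^MECH=//p' "$2" | tail -n 1)
        echo "backend=saslauthd:$mech"
        # MECH=shadow checks passwords against /etc/shadow, so every
        # mailbox owner must also be a system account.
        if [ "$mech" = shadow ]; then echo "system-accounts=required"; fi
        ;;
    auxprop)
        echo "backend=sasldb"
        echo "system-accounts=not-required"
        if [ ! -f "$3" ]; then
            echo "sasldb=missing"
        elif [ "$(ls -ld "$3" | cut -c8)" = r ]; then
            # The file holds every user's password secret.
            echo "sasldb=world-readable"
        else
            echo "sasldb=ok"
        fi
        ;;
    *)  echo "backend=unknown:$method" ;;
    esac
    return 0
}

# Constructed sample files mirroring the two setups in the thread.
demo=$(mktemp -d)
printf 'sasl_pwcheck_method: saslauthd\nsasl_mech_list: PLAIN\n' > "$demo/shadow.conf"
printf 'sasl_pwcheck_method: auxprop\nsasl_mech_list: PLAIN\n' > "$demo/sasldb.conf"
printf 'MECH=shadow\n' > "$demo/saslauthd"
: > "$demo/sasldb2"; chmod 644 "$demo/sasldb2"   # what touch gives under umask 022

cyrus_auth_report "$demo/shadow.conf" "$demo/saslauthd" "$demo/sasldb2"
cyrus_auth_report "$demo/sasldb.conf" "$demo/saslauthd" "$demo/sasldb2"
chmod 600 "$demo/sasldb2"
cyrus_auth_report "$demo/sasldb.conf" "$demo/saslauthd" "$demo/sasldb2"
```

On a real host the three arguments would be /etc/imapd.conf, /etc/sysconfig/saslauthd and /etc/sasldb2.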