cyrus-imap

Chris Kloiber ckloiber at ckloiber.com
Sun May 9 23:43:06 UTC 2004


On Mon, 2004-05-10 at 05:15, David Collantes wrote:
> On 5/9/2004 7:53 AM, Chris Kloiber wrote:
> 
> > Nope, I just beat it to death (learned all I know now about it in the
> > last 2-3 hours) and I successfully used our official packages without
> > users being listed in /etc/passwd or /etc/shadow by using sasldb
> > authentication. I followed the instructions here:
> > 
> > http://asg.web.cmu.edu/cyrus/download/imapd/install.html
> > 
> > (specifically the "Authenticating Users" section)
> 
> Can you (or anyone who knows) explain this in more detail? The pointer to the 
> page, specifically that section, doesn't really cut it. The way imap.conf 
> comes with FC2T3 is:
> 
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> 
> As we all know. Also, the file on /etc/sysconfig/saslauthd contains (among 
> others):
> 
> MECH=shadow
> 
> With very little documentation about what was done on FC2T3, I created a 
> password for imap admin user cyrus (listed on /etc/imapd.conf as "admins: 
> cyrus"), --passwd cyrus--, su to it --su cyrus-- and after 'cyradm localhost', 
> authenticating with the previously set password, I was ready to add users. Now 
> those users had to be created on the system as regular users as well, just 
> like cyrus is. And, of course, saslauthd must be running and so must cyrus-imap.
> 
> The above procedures work. Proved. But, as some already noticed, the users 
> created with cyradm must be also present on /etc/passwd and /etc/shadow and 
> /etc/groups... in other words, they must be users of the system, even
> 'shell-less' ones, doesn't matter, they must be real users.
> 
> So, can you, or anyone, detail as simply as I just did, how to accomplish the 
> userless (using /etc/sasldb or sasldb2) scenario?

/etc/imapd.conf:
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN

Turn off saslauthd if nothing else is using it.

Run, and create a password:
# touch /etc/sasldb2
# chown cyrus /etc/sasldb2
# saslpasswd2 cyrus
# service cyrus-imapd restart
# cyradm --user cyrus localhost

Then log in with the password you created with saslpasswd2.
I was able to create mailboxes for users with no entries in /etc/passwd
on the system, and access them from evolution. I was *NOT* able to
delete those accounts using 'dm username'; I keep getting 'permission
denied'. That's something I'm probably not doing right.

-- 
Chris Kloiber
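
Added example, not part of the original post: a check to run after the procedure above, confirming that imapd.conf selects auxprop and that the sasldb2 file is closed to group and other (touch creates it with the caller's umask, and sasldb2 holds recoverable passwords). The function names and the temporary demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits copies of the two files
# the procedure touches; both paths are arguments so nothing is hard-coded.

# Print the last value set for a "key: value" option in an imapd.conf file.
conf_value() {  # $1 = file, $2 = option name
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 0 when clean, 1 when anything is flagged.
audit_sasldb_setup() {  # $1 = imapd.conf, $2 = sasldb2 file
    findings=0
    method=$(conf_value "$1" sasl_pwcheck_method)
    if [ "$method" != "auxprop" ]; then
        echo "pwcheck: sasl_pwcheck_method is '${method:-unset}', not auxprop"
        findings=1
    fi
    if [ ! -f "$2" ]; then
        echo "sasldb: $2 is missing"
        return 1
    fi
    # sasldb2 stores recoverable passwords, so group and other get no bits.
    perms=$(ls -ld "$2" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "sasldb: $2 is accessible to group/other ($perms); chmod 600"
        findings=1
    fi
    return "$findings"
}

# Constructed demo: the post's imapd.conf lines and a file made with touch.
demo_dir=$(mktemp -d)
printf 'sasl_pwcheck_method: auxprop\nsasl_mech_list: PLAIN\n' > "$demo_dir/imapd.conf"
(umask 022; touch "$demo_dir/sasldb2")      # a common default umask for root
audit_sasldb_setup "$demo_dir/imapd.conf" "$demo_dir/sasldb2" || true
chmod 600 "$demo_dir/sasldb2"
audit_sasldb_setup "$demo_dir/imapd.conf" "$demo_dir/sasldb2" && echo "clean"
rm -rf "$demo_dir"
```

On a live system the arguments would be /etc/imapd.conf and /etc/sasldb2.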





