[KLUG Members] Cyrus IMAPD + Cyrus SASL2

[Adam Williams]

> It's me with yet another question, this time dealing with cyrus imapd and 
> cyrus sasl2.  I've read about every single cyrus imapd howto on the planet 
> at this point, and they seem lacking in a few areas. Areas that I could 
> really use fleshed out, I might add.
> I'm using Cyrus SASL2, which might be my problem.  I had some problems
> integrating SASL2 with sendmail earlier, but this time I have succeeded
> with integrating the two correctly.  I'm unsure if sasl2 will work well
> with imapd (I assume it does). My problem is this:  Imapd (which, unlike 
> the HOWTOs state, won't run from inetd, will only run from the cyrus 

Make sure you aren't mixing Cyrus 1.x and Cyrus 2.x documentation. 
There is alot of OLD documentation, including the O'Rielly IMAP book;
shred it, burn it, and stomp on the ashes.  Cyrus 1.x docs will only
make you really confused.

> master server) doesn't seem to know where the heck to find it's users.  
> Imapd.conf looks like this: 
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus root
> srvtab: /var/imap/srvtab
> allowanonymouslogin: no
> sasl_passwd_check: shadow
> Identical to the howto's, you'll notice, but it currently says 'shadow'
> where it has previously said, 'passwd', 'pam', 'sasldb', etc.  I've
> been running through the options, seeing if any of them works in a last
> ditch effort.

Effectively your using PLAIN authentication when you use LDAP, passwd,
pam, etc...  If you want to use PAM (you say your using shadow in the
above config file) you need to run saslauthd.  See the Cyrus
presentation on the KLUG FTP server (once it is back up).

> And just to make sure: 
> # /usr/local/sbin/sasldblistusers2 
> cyrus@luna: userPassword
> root@luna: userPassword

But your using shadow according the above config, sasldb only matters
for something like CRAM-MDS.

> So, we have sasl knowing where, and what is in the sasl db file, we have 
> imapd looking for (various) place for the logins, and yet, we have no 
> logins.  I can't find too many sites with this unique problems (most 
> people with these types of problems it seems are using ldap, kerberos, 
> etc.  And yet, here I am, with the simplest of installs, with bubkes.
> Here's my system setup:
> Gentoo linux (sparc) 1.4
> 2x 4.3 GB drives
> 512 MB of RAM
> Cyrus SASL v2.1.14
> Cyrus imapd v 2.1.14
> sendmail 8.12.9 (although sendmail is running fine, I believe)
> I see no errors during compilation - no lib problems, no nothin'.  As far 
> as I can tell, it's compiling and installing fine.

How exactly do you want to authentication users?  Against sasldb,
shadow, etc...?

> I dunno.  I'm about to roll back to cyrus 1.x, see what that does, but it 
> seems that the two cyrus products should work fine togther.

They do.