Online Expert Day - HPE Data Storage - Live Now
April 24/25 - Online Expert Day - HPE Data Storage - Live Now
Read more
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

UW-IMAP and Trusted Mode on 11.31

George N
Advisor

UW-IMAP and Trusted Mode on 11.31

Hello all, we are using UW-IMAP from the Internet Express disc, along with Sendmail. When we enable Trusted System Mode on our server, we can no longer authenticate through IMAP. IMAP gives the "NO Invalid login credentials" error. If we turn Trusted Mode back off (tsconvert -r) then IMAP works just fine once again. Does anyone have any pointers for how to get UW-IMAP working while in Trusted Mode? Is this related to PAM somehow? I've done lots of searching and can't find any answers... Thanks.
6 REPLIES
Ismail Azad
Esteemed Contributor

Re: UW-IMAP and Trusted Mode on 11.31

Hi george,

If you are using UW-IMAP with LDAP authentication , it probably is normal behaviour. Trusted mode does have issues with NIS and LDAP {atleast such users are not supported }and I guess your problem mainly depends on the authentication protocol. My tuppence worth.

Regards
Ismail Azad
Read, read and read... Then read again until you read "between the lines".....
George N
Advisor

Re: UW-IMAP and Trusted Mode on 11.31

Hi Ismail, no we are not using LDAP. We have no LDAP in this environment. Just a stand alone server. All user accounts are listed in /etc/passwd file. After turning on Trusted Mode, the passwords are removed from /etc/passwd and replaced with a "*". I suspect this is why IMAP cannot authenticate anyone. Is there some way to make IMAP become compatible with Trusted Mode? Thanks
George N
Advisor

Re: UW-IMAP and Trusted Mode on 11.31

No one is using UW-IMAP any more these days? :(
George N
Advisor

Re: UW-IMAP and Trusted Mode on 11.31

I guess not. How unfortunate.
Matti_Kurkela
Honored Contributor

Re: UW-IMAP and Trusted Mode on 11.31

Even the vanilla source distribution of UW-IMAP has specific support for HP-UX Trusted System Mode. I'd expect the Internet Express team to have fixed the Trusted Mode support if it had some problems in the vanilla version.

If you converted to Trusted System Mode on the command line using "tsconvert", remember that it causes all the user accounts to initially be in "expired" state. To use any accounts after a command-line Trusted System conversion, you must refresh the accounts. "/usr/lbin/modprpw -V" is the canonical way to refresh all user accounts, but you might want to be more selective; also, there's at least one claim that "modprpw -V" does not always work on 11.31:

http://h30499.www3.hp.com/t5/System-Administration/modprpw-V-not-refreshing-all-users/m-p/4565654#M372155

> Is this related to PAM somehow?

Use "ldd" to check the library dependencies of the uw-imapd binary. Does it include PAM libraries?

MK

MK
George N
Advisor

Re: UW-IMAP and Trusted Mode on 11.31

No I did not use the command line, I enabled Trusted Mode through SMH. When Trusted Mode is enabled, the users are able to log in perfectly fine from the system console, or via SSH. But not through IMAP.

I ran ldd against the imapd binary and it doesn't appear to be linked against PAM.