HPE Community
Operating System - HP-UX
1833726 Members
2582 Online
110063 Solutions
New Discussion

saslauthd on a trusted system

 
Joe Kanakaraj
Advisor

‎01-21-2006 04:11 PM

‎01-21-2006 04:11 PM

saslauthd on a trusted system

Hi Guys,

I am currently setting up an IMAP server, based on the Cyrus-IMAP Server bundled with iexpress with SASL authentication.

On my test machine I was able to configure both IMAP and SASL, and it worked perfectly.

But the hitch was that the machine was in non trusted mode and got authenticated via the passwd file. I start the saslauthd server with the following command:-

./saslauthd -a getpwent start

I trusted the system and now it is not authenticating. I guess because it has to access /tcb for the password. How can I go about starting SASL so that it authenticates users in a trusted mode? I cannot implement this solution on Production since the machine cannot be untrusted just for this.

Help would be appreciated.

Regards,

Joe

P.S:- Does anybody have an idea where I could get the old IMAP server depot?
(ixUW-IMAP A.03.00-2002e). This version is easy since it integrates well and interacts with the OS well without SASL.
Unix is simple, but it takes a genius to understand the simplicity. - quoted Dennis Ritchie
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎01-21-2006 05:19 PM

‎01-21-2006 05:19 PM

Re: saslauthd on a trusted system

Shalom Joe,

You might try uninstalling and re-installing the existing depot into the system. It may be able to figure out the system is trusted and start authenticating.

I've seen this behavior in the past.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Joe Kanakaraj
Advisor

‎01-21-2006 08:01 PM

‎01-21-2006 08:01 PM

Re: saslauthd on a trusted system

Hi Steve,

No luck there, I tried it a few times but nothing...

Joe
Unix is simple, but it takes a genius to understand the simplicity. - quoted Dennis Ritchie
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎01-21-2006 08:41 PM

‎01-21-2006 08:41 PM

Re: saslauthd on a trusted system

Shalom,

What version of openssl are you running.

An upgrade there might help. I have no idea how to obtain the older version of Cyrus imap.

Also, this may simply be a bug which you need to report to hp for correction, since they ported the software. There may be a note in the readme file.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Hemmetter
Esteemed Contributor

‎01-22-2006 10:41 PM

‎01-22-2006 10:41 PM

Re: saslauthd on a trusted system

Hey Joe

We are running:

# saslauthd -a pam

with a line

"imap session required /usr/lib/security/libpam_unix.1"

in /etc/pam.conf.


rgds
HGH
0 Kudos
Reply
Hemmetter
Esteemed Contributor

‎01-22-2006 11:37 PM

‎01-22-2006 11:37 PM

Re: saslauthd on a trusted system

I've to correct of my last post. There are 3 "imap" lines in my /etc/pam.conf:


# grep imap /etc/pam.conf
imap auth required /usr/lib/security/libpam_unix.1
imap account required /usr/lib/security/libpam_unix.1
imap session required /usr/lib/security/libpam_unix.1

rgds
HGH
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.