From owner-freebsd-ports  Tue May 16  8:28:18 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from mail.wolves.k12.mo.us (mail.wolves.k12.mo.us [207.160.214.1])
	by hub.freebsd.org (Postfix) with ESMTP id 7E20C37B8D5
	for <ports@FreeBSD.ORG>; Tue, 16 May 2000 08:28:15 -0700 (PDT)
	(envelope-from cdillon@wolves.k12.mo.us)
Received: from mail.wolves.k12.mo.us (cdillon@mail.wolves.k12.mo.us [207.160.214.1])
	by mail.wolves.k12.mo.us (8.9.3/8.9.3) with ESMTP id KAA60170;
	Tue, 16 May 2000 10:28:10 -0500 (CDT)
	(envelope-from cdillon@wolves.k12.mo.us)
Date: Tue, 16 May 2000 10:28:09 -0500 (CDT)
From: Chris Dillon <cdillon@wolves.k12.mo.us>
To: "Scot W. Hetzel" <hetzels@westbend.net>
Cc: Brandon Fosdick <bfoz@Glue.umd.edu>, ports@FreeBSD.ORG
Subject: Re: Cyrus Troubles
In-Reply-To: <Pine.BSF.4.20.0005161003370.59205-100000@mail.wolves.k12.mo.us>
Message-ID: <Pine.BSF.4.20.0005161010260.59205-100000@mail.wolves.k12.mo.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 16 May 2000, Chris Dillon wrote:

> It turns out that this is not needed.  The _only_ thing that needs to
> be done is cyrus must be able to read /usr/local/etc/sasldb.db.  This
> doesn't make any sense at all to me, since pwcheck is supposed to do
> this, but cyrus isn't even talking to pwcheck.

'Tis best to double-check before I speak.  Cyrus does NOT need to read
sasldb.db.  I got cyrus to use the pwcheck daemon just by adding
"sasl_pwcheck_method: pwcheck" in imapd.conf like you mentioned
before, which I swear didn't work the first time I tried it. :-)  It
is also an undocumented method, since the only listed methods in the
documentation are "PAM", "passwd", "shadow", "sasldb", and
"kerberos_v4".

> > and in imapd.conf I use:
> > 
> > # If enabled, the partitions will also be hashed, in addition to the hashing
> > # done on configuration directories.  This is recommended if one partition
> > has
> > # a very bushy mailbox tree.
> > #
> > hashimapspool: true
> > 
> > # The mechanism used by the server to verify plaintext passwords.  Possible
> > # values include "PAM", "kerberos_v4", "passwd", and "shadow"
> > #
> > sasl_pwcheck_method: pwcheck
> 
> This isn't needed either, it seems.

As I corrected myself, it is. :-)

It still doesn't make sense, but it is.  The method that would make
sense is "sasldb", since pwcheck isn't even a valid method.  But I'll
be damned if it doesn't work. :-/

But that is ALL that is required.  sasldb.db can be readable only by
root, which the pwcheck daemon runs as.  I do suppose now that you
could run the pwcheck daemon as another user (a "sasl" user
perhaps?) and be readable by that user.

I still can't figure out how to get pwcheck to check the local unix
password database instead of sasldb.db, though.


-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
   FreeBSD: The fastest and most stable server OS on the planet.
   For Intel x86 and Alpha architectures. ( http://www.freebsd.org )




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message