Can't change password in cyrus-imapd, pam_mysql
Uno Engborg
uno at webworks.se
Sun Jun 28 05:00:22 UTC 2009
sön 2009-06-28 klockan 03:10 +0200 skrev Uno Engborg:
> Hi,
> I'm trying to set up cyrus-imapd everything works except that I can't
> change passwords.
>
> I use mysql to store encrypted passwords, and saslauthd + pam_mysql
>
> If I change the password using in mysql:
> UPDATE domainuser VALUES ("user at somedomain.com"
> encrypt("newpassword"));
>
> and then do:
>
> testsaslauthd -u 'user at somedomain.com' -p newpassword -s imap -r
> somedomain.com
>
> It works just fine:
>
>
>
>
> However, if I do
>
> cyradm -u someuser at somedomain.com localhost
>
> I fail to log in if I use the new password, but I can log in just fine
> with the old password, I can even remove someuser at somedomain.com from
> the SQL-database, and I can still login to cyradm using the old
> password.
>
> If I run saslauthd in debug mode, and try to log in to cyradm or
> squirrelmail using the old password I get:
>
> saslauthd[17805] :do_auth : auth success: [user=someuser]
> [service=imap] [realm=somedomain.com] [mech=pam]
> saslauthd[17805] :do_request : response: OK
>
>
> If I use the changed password I saslauthd gives:
>
> saslauthd[17804] :rel_accept_lock : released accept lock
> saslauthd[17807] :get_accept_lock : acquired accept lock
> saslauthd[17804] :do_auth : auth failure: [user=someuser]
> [service=imap] [realm=somedomain.com] [mech=pam] [reason=PAM auth error]
>
>
>
>
>
> I get the impression that pam_mysql somehow caches usernames and
> passwords. Is there some way to turn this off, so that passwords can be
> changed?
>
>
>
> Regards
> Uno Engborg
>
>
>
Solved it!
It turned out that I was missing a "-r" flag on saslauthd
Regards
Uno Engborg
>
>
More information about the users
mailing list