Can't change password in cyrus-imapd, pam_mysql

Uno Engborg uno at webworks.se
Sun Jun 28 01:10:16 UTC 2009


Hi,
I'm trying to set up cyrus-imapd everything works except that I can't
change passwords.

I use mysql to store encrypted passwords, and saslauthd + pam_mysql

If I change the password using in mysql:
UPDATE domainuser VALUES ("user at somedomain.com"
encrypt("newpassword")); 

and then do:

testsaslauthd -u 'user at somedomain.com' -p newpassword -s imap -r
somedomain.com

It works just fine:




However, if I do

cyradm -u someuser at somedomain.com localhost

I fail to log in if I use the new password, but I can log in just fine
with the old password, I can even remove someuser at somedomain.com from
the SQL-database, and I can still login to cyradm using the old
password.

If I run saslauthd in debug mode, and try to log in to cyradm or
squirrelmail using the old password I get:

saslauthd[17805] :do_auth         : auth success: [user=someuser]
[service=imap] [realm=somedomain.com] [mech=pam]
saslauthd[17805] :do_request      : response: OK


If I use the changed password I saslauthd gives:

saslauthd[17804] :rel_accept_lock : released accept lock
saslauthd[17807] :get_accept_lock : acquired accept lock
saslauthd[17804] :do_auth         : auth failure: [user=someuser]
[service=imap] [realm=somedomain.com] [mech=pam] [reason=PAM auth error]





I get the impression that pam_mysql somehow caches usernames and
passwords.  Is there some way to turn this off, so that passwords can be
changed?



Regards
Uno Engborg








More information about the fedora-list mailing list