I am trying to get my IMAP server (cyrus-imapd) to authenticate using saslauthd. I am getting the following error in the /var/log/messages file when attempting to authenticate:

Jul 6 23:03:54 mail imap[6230]: cannot connect to saslauthd server: Permission denied

Now, I've looked at the permissions of the /var/run/saslauthd/mux file and all directories in the path. Everyone has -x permission on the directories and permissions are 777 on the mux.

So, I've been reading that imapd might be looking in a different place for saslauthd's socket, so I added the following line to my /etc/imapd.conf file just to make sure that it was going to the right place:

sasl_saslauthd_path: /var/run/saslauthd/mux


I'm still getting the error. What should I try now?

in your cyrus deamon config file: imap.conf, or imapd.conf, in /etc i think it is, you need to set the 'admin' username (cyrus?)
dont forget to restart the service, to reread the config file
with sasl you run saslpasswd cyrus (you might need an option for adding a user perhaps -a) so saslpasswd -a cyrus
you will be promted for a password which you want to assign to this user
login to cyradm -u cyrus localhost (i assume... - havent done it in some time!)

I tried what you suggested, and I haven't been able to get this resolved yet. The imapd.conf file already had cyrus as the admin. I set the password for cyrus, but the account seems to have already been created. I'm not sure exactly what I can do in cyradm to resolve this issue. Could you expound on what should be done in cyradm? Thanks so much for the help.

this is the only thing i found in my old config file, i dont run my mailserver anymore!
sasl_pwcheck_method: saslauthd

also, if you are running postfix, have a look in this dir:
/var/spool/postfix/var/run/saslauthd

i shall powerup my mailserver on sat and have a look for you, perhaps i can find some stuff that might help.
unfort. it is late here already, so i shal go to bed, and i am out tomorrow evening. hope sat is fine with you.

I would certainly appreciate it.

When I'm running cyradm, I'm seeing it prompt me for "IMAP Password:". I don't know where this is set. Perhaps the issue is that the imapd daemon is trying to connect to the mux successfully, but is being rejected by the saslauthd daemon itself. However, I don't know where to set what password imapd gives saslauthd either. Can anyone enlighten me on how these two daemons interact?

this password is set with
#saslpasswd [-a|-x|...] <cyrus_username>
you need to run cyradm with the username cyrus
so either:
#su cyrus
and then run cyradm
or:
#cyradm -u cyrus localhost
-u secifies the username you wish to use to connect to the cyrus imap server

I made sure that I knew the password for the cyrus admin (cyrus). I tried both approaches you suggested, but this output is from my su - cyrus attempt.

bash-3.00$ cyradm -auth PLAIN localhost
Password:
IMAP Password:
Login failed: generic failure at /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with PLAIN as cyrus

r u running sasl2?
i dont even find the sasl socket anywhere on my computer!!
and it is working fine!
you want ssh access to sniff arround yourself?

I don't really feel comfortable SSH'ing to your machine, but I certainly appreciate the offer.

I'm not running sasl2 to my knowledge. When I do a ps -ef | grep sasl, all I see is saslauthd. Do I need to be running sasl2? What's the difference? Thanks so much for all the help, Nathanael.

*bump*

*bump* what?

I was just trying to get the thread to the top of the forum to get a few more views. I'm accepting defeat on this one, though. I just went with dovecot instead.

cyradm --user mail0001 --server localhost --auth plain
> > Password:
> > IMAP Password:
> > Login failed: authentication failure
> > at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-
> > multi/Cyrus/IMAP/Admin.pm line 118
> > cyradm: cannot authenticate to server with plain as mail0001
> >
> > This was a real head-banger. The problem is that redhat starts
> > saslauthd with shadow authentication mechanism by defualt. However, we
> > need pam authentication. To change this, edit the file:
> > /etc/sysconfig/saslauthd
> > Where it says:
> > MECH=shadow
> > Change it to:
> > MECH=pam
> > Save, close and (re)start saslauthd. You can now use the built-in
> > "/etc/init.d/saslauthd start" script to start this service.
> >
> > 8. Make sure all required processes are running:
> > $ /etc/init.d/httpd start
> > $ /etc/init.d/mysqld start
> > $ /etc/init.d/cyrus-imapd start
> > $ postfix start
> > $ /etc/init.d/saslauthd start
> >
> > Well, that's how I got it to work! Let me know if there are any
> > errors/omissions...
> >