Fixed saslauthd authentication

4 files changed, 15 insertions, 13 deletions

diff --git a/docker/Dockerfile b/docker/Dockerfile
index f6eac989..a784d1ae 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -28,13 +28,16 @@ RUN dnf -y install google-noto-serif-fonts google-noto-sans-fonts
 
 RUN useradd -d /home/developer -m developer
 
+
+ADD rsyslog.conf /etc/rsyslog.conf
 #Setup cyrus imap
-RUN echo 'altnamespace: 0' >> /etc/imapd.conf
-RUN echo 'unixhierarchysep: 0' >> /etc/imapd.conf
+ADD imapd.conf /etc/imapd.conf
 RUN usermod -p `perl -e "print crypt("admin","Q4")"` cyrus
 RUN useradd -p `perl -e "print crypt("doe","Q4")"` doe
 RUN /usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem
-RUN saslauthd -a pam && /usr/libexec/cyrus-imapd/master -d && sleep 1 && echo "cm user.doe" | cyradm --auth PLAIN -u cyrus -w admin localhost
+RUN saslauthd -a shadow && /usr/libexec/cyrus-imapd/master -d && sleep 1 && echo "cm user.doe" | cyradm --auth PLAIN -u cyrus -w admin localhost
+#RUN echo "doe" | saslpasswd2 -p -u example.org doe
+#RUN chown cyrus:root /etc/sasldb2
 
 #DBus For KCacheGrind
 RUN dbus-uuidgen --ensure
@@ -78,6 +81,3 @@ RUN sudo chown developer:developer /home/developer/.gnupg -R
 RUN gpg2 --batch --generate-key /home/developer/keyconfig
 #Better qt support
 RUN git clone https://github.com/Lekensteyn/qt5printers.git ~/.gdb/qt5printers/
-
-ADD rsyslog.conf /etc/rsyslog.conf
-ADD imapd.conf /etc/imapd.conf
diff --git a/docker/bashrc b/docker/bashrc
index d477583c..faf93f55 100644
--- a/docker/bashrc
+++ b/docker/bashrc
@@ -2,6 +2,6 @@
 ulimit -c 0
 
 sudo rsyslogd &
-sudo saslauthd -a pam &
+sudo saslauthd -a shadow &
 sudo /usr/libexec/cyrus-imapd/master -d
 
diff --git a/docker/imapd.conf b/docker/imapd.conf
index 86b320ab..320cbd36 100644
--- a/docker/imapd.conf
+++ b/docker/imapd.conf
@@ -94,11 +94,13 @@ allowplaintext: yes
 # Possible values are "saslauthd", "auxprop", "pwcheck" and
 # "alwaystrue".  They are tried in order, you can specify more than one,
 # separated by spaces.
-# FIXME saslauthd doesn't work with caldav/carddav for unknown reasons.
-# It seems to work fine on the commandline, and from the logs the only thing
-# that could be going wrong is authentication via pam, but for imap it seems
-# to work anyways....
-sasl_pwcheck_method: alwaystrue
+# * saslauthd works when started with the shadow mech
+# * auxprop should work when:
+#   * setting default_domain: example.org
+#   * creating a password with 'echo "doe" | saslpasswd2 -p -u example.org doe' (chown cyrus:root /etc/sasldb2)
+#   * either login with doe@example.org, ensure the current hostname is example.org.
+# * We currently use the saslauthd option so we can login using just doe
+sasl_pwcheck_method: saslauthd
 
 # If enabled, the SASL library will automatically create authentication
 # secrets when given a plaintext password. Refer to SASL documentation
diff --git a/docker/startimap.sh b/docker/startimap.sh
index cb5af4f0..b80733af 100755
--- a/docker/startimap.sh
+++ b/docker/startimap.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-sudo saslauthd -a pam &
+sudo saslauthd -a shadow &
 sudo /usr/libexec/cyrus-imapd/master -d
 #Give the imap server some time to start
 sleep 1