So, after a little digging, I noticed that Apple changed the default behavior of the getpw* system calls under 10.3 to add the ';ShadowHash;' AuthenticationAuthority. What this means, as Apple so eloquently puts it, is:
By default in Mac OS X 10.3 and later all users will have an AuthenticationAuthority will contiain the value "ShadowHash;''. These users will have a visible password value of ``********''. These functions will have no access to the encrypted password whatsoever. Setting or changing an user password must be done entirely through the DirectoryService APIs for this default user.Aha! That would be why UW IMAP is unable to authenticate users. A quick trip to Netinfo Manager takes care of this.
- Authenticate to Netinfo Manager
- Change the user needing UW IMAP's authentication_authority to ';basic;'
- Paste in a the crypt hash of their password (can be generated with 'openssl passwd' if necessary).
- Save your changes
NOTE: making the above change has the net effect of unshadowing the system password file. This leaves you with the same password file security as was found under Jaguar. You only need to change the AuthenticationAuthority for users needing UW IMAP access. There are likely other security implications as well (insert standard disclaimer).
Next, as I had no luck getting xinetd working properly with UW IMAP (you mileage may vary), I rolled back inetd. To do this, I added the following line to /etc/inetd.conf:
imaps stream tcp nowait root /usr/libexec/tcpd /usr/sbin/imapdI then went into /System -> Library -> StartupItems -> IPServices, and edited IPServices to make the following change:
## # Internet super-server. ## ConsoleMessage "Starting internet services" # xinetd -inetd_compat -pidfile /var/run/xinetd.pid /usr/sbin/inetd ##After a reboot, everything worked fin -- yee-haw.

