[Dovecot] 1.1.6: PAM passdb/userdb (mis)configuration
Timo Sirainen
tss at iki.fi
Tue Jan 13 19:49:47 EET 2009
On Tue, 2009-01-13 at 09:14 +0200, Oved Ben-Aroya wrote:
> > >which work fine, except for Outlook/OL Express users that are asked
> > >for
> > >their password whenever they "send/receive"... We've had also
> > >"passdb shadow"
> > >that somehow "fixed" this
> >
> > This really makes no sense. Outlook doesn't know if you're using PAM
> > or shadow. Do you mean that Outlook anyway can successfully log in,
> > but just asks the password all the time?
>
> Sorry I was not clear in my description of the problem.
> Yes, users of Outlook log in and read their mail just fine. However,
> whenever they want to refresh the inbox or send mail, they are presented
> with a login window of Outlook. With the "passdb shadow" directive that somehow
> crept in, Outlook users were not asked for password after they logged in
> (however this broke the password exiration).
Well, there is some difference between what PAM and shadow does. Perhaps
PAM starts failing the login after some time? Enable auth_debug=yes and
see what the difference is between when using shadow and pam.
The difference between Outlook/OE and other clients is that they keep
logging out and back in all the time, while other clients typically log
in only once. Perhaps you have a PAM plugin that limits the number of
logins to once every n minutes or something?
> I wonder if we need to enable authentication cache?
It shouldn't be necessary, but if the problem is something like what I
described above then auth cache will probably work around the actual
problem in most cases (but not all).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090113/55c78a30/attachment.bin
More information about the dovecot
mailing list