[Dovecot] PAM authentication fails
Egbert Jan van den Bussche
egbert at vandenbussche.nl
Sun Aug 29 21:51:02 EEST 2010
Hi,
I've been fighting all weekend with auth and pam to authenticate local
system users. testuser is such a local user and is in passwd and shadow. I
want to have local system users (testuser is one of them) and virtual
users. The virtual part works fine but I cannot get the local user to
connect.
Still, pam fails to find the user. The suggested password mismatch at the
end is, in my eyes, because there is no user in the first place. I
verified the password by interactive login to the account. The pam
module (dovecot) is just the default file with three @includes in it.
Syslog:
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in:
AUTH#0112#011LOGIN#011service=imap#011lip=2a02:968:1:2:212:72:224:16#011rip=2001:888:1740:10:250:daff:fe41:4d1c#011lport=143#011rport=1093
Aug 29 20:18:02 mail-dev dovecot: auth(default): client out:
CONT#0112#011VXNlcm5hbWU6
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in:
CONT#0112#011dGVzdHVzZXI=
Aug 29 20:18:02 mail-dev dovecot: auth(default): client out:
CONT#0112#011UGFzc3dvcmQ6
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in:
CONT#0112#011dmF4dm1z
Aug 29 20:18:02 mail-dev dovecot: auth-worker(default):
pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): lookup service=dovecot
Aug 29 20:18:02 mail-dev dovecot: auth-worker(default):
pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): #1/1 style=1
msg=Password:
Aug 29 20:18:02 mail-dev dovecot: auth(default):
cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): miss
Aug 29 20:18:04 mail-dev dovecot: auth(default):
cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): hit:
Aug 29 20:18:04 mail-dev dovecot: auth(default):
cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): User unknown
Aug 29 20:18:04 mail-dev dovecot: auth-worker(default):
pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): pam_authenticate()
failed: Authentication failure (password mismatch?) (given password:
xxxxxxxx)
Aug 29 20:18:06 mail-dev dovecot: auth(default): client out:
FAIL#0112#011user=testuser
Relevant settings in dovecot:
root@mail-dev:/etc/dovecot# dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-24-server x86_64 Ubuntu 10.04.1 LTS ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s managesieve
listen: *, [::]
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_max_userip_connections(default): 10
mail_max_userip_connections(imap): 10
mail_max_userip_connections(pop3): 3
mail_max_userip_connections(managesieve): 10
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%d/%n:INDEX=/home/vmail/%d/%n
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
lda:
  postmaster_address: postmaster
  deliver_log_format: msgid=%m: %$
  rejection_reason: Your message to <%t> was automatically rejected:%n%r
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  mechanisms: plain login
  realms: kader.hcc.nl hobby.nl
  cache_size: 1024
  user: vmail
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
    args: setcred=yes failure_show_msg=yes cache_key=%u dovecot
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/dovecot-auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
Where should I look further for this dovecot pam problem? Is there such
a thing as pam debugging?
TIA
Egbert Jan
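
An added example, not part of the original post: with auth debug enabled, the "client in: CONT" entries in a syslog excerpt like the one above carry the SASL LOGIN replies base64-encoded, so such logs should be redacted before they are shared. The sketch below pairs each client reply with the preceding server prompt and masks every reply except the username; the sample lines, user name and password are constructed, and it assumes one log entry per line (not mail-wrapped as in the excerpt).

```python
import base64
import re

# Dovecot auth-protocol debug entries: "auth(default): client in: ..." / "client out: ..."
LINE_RE = re.compile(r"auth\(\w+\): client (in|out): (.*)$")

def b64text(field):
    """Decode a base64 field; return None when it is not valid base64."""
    try:
        return base64.b64decode(field, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def redact_login_exchange(lines):
    """Return (redacted_lines, usernames) for SASL LOGIN exchanges in the log."""
    pending = {}          # request id -> last decoded server prompt
    out, users = [], []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            direction, payload = m.groups()
            # syslog escapes the protocol's TAB separator as "#011"
            fields = payload.replace("#011", "\t").split("\t")
            if fields[0] == "CONT" and len(fields) >= 3:
                req_id, data = fields[1], fields[2]
                if direction == "out":
                    pending[req_id] = b64text(data)      # "Username:" / "Password:"
                elif pending.pop(req_id, None) == "Username:":
                    users.append(b64text(data))          # username is not secret
                else:
                    # Password reply, or a reply with no known prompt: mask it.
                    masked = "#011".join(["CONT", req_id, "<redacted>"])
                    line = line[:m.start(2)] + masked
        out.append(line)
    return out, users

def _enc(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample (request id 7, user "alice", password "example-pw").
PASSWORD_B64 = _enc("example-pw")
_PFX = "Jan  1 00:00:00 host dovecot: auth(default): client "
SAMPLE = [
    _PFX + "in: AUTH#0117#011LOGIN#011service=imap",
    _PFX + "out: CONT#0117#011" + _enc("Username:"),
    _PFX + "in: CONT#0117#011" + _enc("alice"),
    _PFX + "out: CONT#0117#011" + _enc("Password:"),
    _PFX + "in: CONT#0117#011" + PASSWORD_B64,
    _PFX + "out: FAIL#0117#011user=alice",
]
```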