[Dovecot] authentication problems with pam_mkhomedir
Defenestrate
defenestrate at ymail.com
Fri Jul 15 00:19:58 EEST 2011
Hi! I'm struggling with pam_mkhomedir. Accounts are stored in LDAP (CentOS
Directory Server, AKA 389 Directory Server). I am not pre-creating user home
directories, and would like to use the pam_mkhomedir module to create the
directories on the fly when a user is authenticated via pop3s. pam_mkhomedir is
working for interactive logins (e.g. SSH), but I don't want to require users to
log in interactively just so their home directory is created.
Dovecot version: 1.0.7
dovecot -n output:
protocols: pop3s
ssl_cert_file: /etc/pki/tls/certs/mail.ourdomain.tld.pem
ssl_key_file: /etc/pki/tls/private/mail.ourdomain.tld.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib64/dovecot/pop3
pop3_client_workarounds: oe-ns-eoh, outlook-no-nuls
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: pam
    args: session=yes dovecot
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
/etc/pam.d/dovecot:
auth       sufficient  pam_ldap.so
auth       required    pam_deny.so

account    sufficient  pam_ldap.so
account    required    pam_deny.so

password   sufficient  pam_ldap.so use_authtok
password   required    pam_deny.so

session    optional    pam_ldap.so
session    required    pam_mkhomedir.so skel=/etc/skel umask=0022

With the pam_mkhomedir.so line, I see the following in maillog:
Jul 14 16:14:26 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:14:26 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): new auth connection: pid=25209
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL 1 user=joe.schmoe
Jul 14 16:14:28 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
With the pam_mkhomedir.so line commented out:
Jul 14 16:15:27 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:15:27 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:15:27 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): master in: REQUEST 1 25286 1
Jul 14 16:15:27 mail dovecot: auth(default): ldap(joe.schmoe,xxx.xxx.xxx.xxx): user search: base=ou=People, dc=ourdomain, dc=tld scope=subtree filter=(&(objectClass=posixAccount)(uid=joe.schmoe)) fields=homeDirectory,uidNumber,gidNumber
Jul 14 16:15:27 mail dovecot: auth(default): master out: USER 1 joe.schmoe home=/home/joe.schmoe uid=1057 gid=1000
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): Failed to create storage with data: mbox:/home/joe.schmoe/mail:INBOX=/var/spool/mail/joe.schmoe
Jul 14 16:15:27 mail dovecot: child 25292 (pop3) returned error 89
Jul 14 16:15:27 mail dovecot: pop3-login: Login: user=<joe.schmoe>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Jul 14 16:19:05 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Any suggestions?
Thank you!
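As an added example (not from the original post or from the Dovecot project), a small Python log classifier that separates the two failure modes visible in the maillog excerpts above: the PAM session stack being denied while the auth process runs pam_mkhomedir, versus auth succeeding and the POP3 process then failing to create the home directory itself. It assumes the maillog line format quoted in the post; the sample lines below are constructed from that format (the jane.doe lines are invented).

```python
import re
from collections import defaultdict

# Constructed sample lines in the maillog format quoted in the post
# (joe.schmoe and the masked IPs are as in the post; jane.doe is invented).
SAMPLE_LOG = """\
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): Failed to create storage with data: mbox:/home/joe.schmoe/mail:INBOX=/var/spool/mail/joe.schmoe
Jul 14 16:16:02 mail dovecot: auth(default): pam(jane.doe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:16:02 mail dovecot: auth(default): client out: OK 2 user=jane.doe
"""

# Failure inside the PAM session stack (where pam_mkhomedir runs): the login
# is rejected before any mailbox access, the "FAIL" case in the post.
PAM_SESSION_FAIL = re.compile(
    r"pam\((?P<user>[^,]+),(?P<rip>[^)]+)\): pam_open_session\(\) failed: (?P<why>.+)$")
# Auth succeeded, but the mail process could not create the home/mail
# directory itself: the "OK" followed by mkdir_parents case in the post.
MKDIR_FAIL = re.compile(
    r"POP3\((?P<user>[^)]+)\): mkdir_parents\((?P<path>[^)]+)\) failed: (?P<why>.+)$")
AUTH_RESULT = re.compile(r"client out: (?P<result>OK|FAIL) \d+ user=(?P<user>\S+)")


def classify(log_text):
    """Map each user to a list of (stage, kind, detail) findings."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if m := PAM_SESSION_FAIL.search(line):
            findings[m["user"]].append(("auth", "pam_session_denied", m["why"]))
        elif m := MKDIR_FAIL.search(line):
            findings[m["user"]].append(("mail", "homedir_create_failed", m["path"]))
        elif (m := AUTH_RESULT.search(line)) and m["result"] == "FAIL":
            findings[m["user"]].append(("auth", "login_rejected", None))
    return dict(findings)


def summary(log_text):
    """Sorted failure kinds per affected user; users with clean logins are omitted."""
    return {u: sorted({kind for _, kind, _ in f}) for u, f in classify(log_text).items()}


if __name__ == "__main__":
    for user, kinds in summary(SAMPLE_LOG).items():
        print(user, kinds)
```

Users who never trip either error (jane.doe in the sample) do not appear in the result, so the output lists only accounts whose home directory handling needs attention.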