I'm using pam to authenticate users against my krb5 realm. Here is the
problem scenario:
User test2 attempts to login and their password is not expired so
dovecot says:
0 login test2 myfavoritepassword
0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in
1 logout
- BYE Logging out 1 OK Logout completed.
User test1 attempts to login, but their password is expired. So
dovecot says:
0 login test1 myfavoritepassword
0 NO d expired
User test2 attempts to login and their password is not expired. But
dovecot still says:
0 login test2 myfavoritepassword
0 NO d expired
If I kill the pid with name "dovecot-auth -w", user test2 can login
just fine unless I login with the user test1 before trying user test2.
So it seems like something is getting cached. I'm running imap-login
out of inetd, in case that matters.
In my dovecot.conf, I don't have any caching/authentication variables
activated. I don't see anything obvious to type in passdb pam{ } to
type.
For debug, I've enable pam for telnet and tested that without error.
Also, the logs show that test2
This is dovecot revision 9062:694714d59cd9 . Looking at the logs, I
see user test2 authenticate correctly in all instances.
thanks, Jonathan