Can you login with another user name? What if you kill dovecot-auth process, does that reset it so that you can login again?
No -- once dovecot-auth gets a failure back, it repeats failures for any other account logins. If I kill it and try to login again, it will work once, then same problem.
auth required pam_securityserver.so
What does this do? Does it contain user login limits of any kind? Just thinking if something is waiting for the process that did PAM checking to terminate before allowing to login again..
I stole that from the pam entry for SSH -- however, your questions got me thinking. I changed it to:
auth required pam_unix.so auth sufficient pam_netinfo.so account required pam_unix.so
And this will work, repeatedly, for accounts which are set to "Basic" authentication and not the password server; the Security Server (same thing as Password Server, I believe) is the element that controls minimum password length, validity period, etc.
However, for a different account, which was converted to Password Server from Basic and then converted back again, I'm still unable to authenticate more than once.
. NO Authentication failed.
Setting "auth_verbose = yes" in config file would give better error message.
Not during telnet, however, in the mail logs:
Mar 6 21:41:55 alles imap-login: Login: scott [127.0.0.1] Mar 6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol: pam_sm_authenticate Mar 6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol: pam_sm_setcred Mar 6 22:42:13 alles dovecot-auth: PAM: pam_authenticate(scott) failed: Authentication failure Mar 6 21:42:14 alles imap-login: Aborted login [127.0.0.1]
It would seem that the problem is tied up with how OSX and Pam and the Security server work -- I'll keep poking at it.
Scott