On Jun 5, 2008, at 3:47 PM, Timo Sirainen wrote:
On Thu, 2008-06-05 at 12:55 -0400, Jurvis LaSalle wrote:
Jun 5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=validLDAPaccount
So the user was logged in, but an error was logged for some reason.
This error comes from PAM. Maybe you have PAM configured to do
multiple different lookups?
Here's my dovecot PAM conf (I've manually included the include
lines). I tried to comment out the pam_unix.so lines so that only
ldap would be checked, but that made all authentication attempts
fail. I'm not quite sure how to trim this down so only the ldap
accounts are queried. Any PAM experts out there?
[root@borg ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass debug
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow debug
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so debug
session optional pam_ldap.so
Thanks, JL
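
Added example, not part of the original message: a simplified Python model of how Linux-PAM's required, requisite and sufficient control flags walk the auth stack posted above. The per-module outcomes for an LDAP-only account are constructed; the run shows pam_unix.so being tried and failing before pam_ldap.so grants access, which is consistent with a pam_unix failure entry appearing in the log for a login that succeeded.

```python
# Simplified model of Linux-PAM control flags for the auth stack in the message.
# Real PAM has more return codes and the [value=action] syntax; not modelled here.
AUTH_STACK = """
auth required   pam_nologin.so
auth required   pam_env.so
auth sufficient pam_unix.so nullok try_first_pass debug
auth requisite  pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required   pam_deny.so
"""

def parse_stack(text):
    """Return (control, module) pairs from 'auth control module args...' lines."""
    fields = [line.split() for line in text.splitlines()]
    return [(f[1], f[2]) for f in fields if len(f) >= 3 and f[0] == "auth"]

def run_stack(rules, outcomes):
    """Walk the stack; return (granted, modules_run, modules_that_failed)."""
    required_failed = False
    ran, failed = [], []
    for control, module in rules:
        ok = outcomes[module]
        ran.append(module)
        if not ok:
            failed.append(module)
        if control == "sufficient" and ok and not required_failed:
            return True, ran, failed    # success here ends the stack
        if control == "requisite" and not ok:
            return False, ran, failed   # failure here ends the stack
        if control == "required" and not ok:
            required_failed = True      # remembered, but evaluation continues
        # a failed 'sufficient' module is ignored and the next module is tried
    return not required_failed, ran, failed

# Constructed outcomes: account exists only in LDAP (uid >= 500), password is
# correct. pam_unix cannot verify it, pam_ldap can; pam_deny always fails.
LDAP_ONLY_USER = {
    "pam_nologin.so": True, "pam_env.so": True, "pam_unix.so": False,
    "pam_succeed_if.so": True, "pam_ldap.so": True, "pam_deny.so": False,
}

if __name__ == "__main__":
    granted, ran, failed = run_stack(parse_stack(AUTH_STACK), LDAP_ONLY_USER)
    print("granted:", granted, "| failed along the way:", failed)
```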