Hi,
I have been running dovecot successfully on OS X Mavericks for several months. After upgrading to Yosemite, however, PAM authentication for dovecot is failing. Or rather, creating the PAM session is failing. Either way, I can't get to my e-mail.
$ /usr/pkg/sbin/dovecot --version 2.2.15
$ /usr/pkg/sbin/dovecot -n # 2.2.15: /usr/pkg/etc/dovecot/dovecot.conf # OS: Darwin 14.0.0 x86_64 hfs auth_debug = yes auth_verbose = yes mail_location = maildir:/Volumes/Secure/%u/Maildir mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = session=yes dovecot driver = pam } ssl_cert =
$ defaults read "/System/Library/CoreServices/SystemVersion" ProductVersion 10.10.1
Dec 30 13:21:47 my.host.name dovecot[49247]: auth: Debug: auth client connected (pid=49289) Dec 30 13:21:51 my.host.name dovecot[49247]: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=3bBdlHULNgAAAAAAAAAAAAAAAAAAAAAB lip=::1 rip=::1 lport=143 rport=52278 resp=<hidden> Dec 30 13:21:51 my.host.name dovecot[49247]: auth-worker(49286): Debug: pam(markus,::1): lookup service=dovecot Dec 30 13:21:51 my.host.name dovecot[49247]: auth-worker(49286): Debug: pam(markus,::1): #1/1 style=1 msg=Password: Dec 30 13:21:51 my.host.name dovecot[49247]: auth-worker(49286): Error: pam(markus,::1): pam_open_session() failed: session failure Dec 30 13:21:53 my.host.name dovecot[49247]: auth: Debug: client passdb out: FAIL 1 user=markus
It does successfully verify my password. If I purposefully enter a wrong password the error becomes "pam_authenticate() failed: authentication error (password mismatch?)". So that portion is okay.
Do you have any suggestions how I might find out why pam_open_session() is failing? The auth process *is* running as root.
I have tried these two PAM configurations. The first one based on Maverick's /etc/pam.d/login and used to work fine on Mavericks.
# dovecot: auth account password session auth optional pam_krb5.so use_kcminit auth optional pam_ntlm.so try_first_pass auth optional pam_mount.so try_first_pass auth required pam_opendirectory.so try_first_pass account required pam_nologin.so account required pam_opendirectory.so password required pam_opendirectory.so session required pam_launchd.so session required pam_uwtmp.so session optional pam_mount.so
I tried to simplify it by using the one suggested on dovecot's PAM wiki.
# dovecot: auth account password session auth required pam_opendirectory.so try_first_pass account required pam_nologin.so account required pam_opendirectory.so password required pam_opendirectory.so
On Yosemite, neither works. Or, quite possibly, both configurations are fine and the problem lies elsewhere.
Any pointers would be greatly appreciated. In the mean time I'll be using auth-passwdfile, since that works.
Thanks, -Markus