I'm using Dovecot 1.1.7 on CentOS 5.2.
I've changed my passdb from passwd to pam, it works fine, but I've found this messages on /var/log/secure:
dovecot-auth: PAM adding faulty module: /lib64/security/pam_limits.so dovecot-auth: PAM unable to dlopen(/lib64/security/pam_limits.so) dovecot-auth: PAM [error: /lib64/security/pam_limits.so: failed to map segment from shared object: Cannot allocate memory]
Latter I realized that my auth_process_size was 64. Changed it to 128 and problem solved.
But I suspect that dovecot should not be opening sessions, because there is no session=yes on my passdb configuration.
According to the docs:
args = dovecot
[session=yes] [setcred=yes] [failure_show_msg=yes] [cache_key=<key>] [<service name>]
session=yes makes Dovecot open and immediately close PAM session. Some PAM plugins need this to work, such as pam_mkhomedir.
I checked the source code in passdb-pam.c:
struct pam_passdb_module { struct passdb_module module;
const char *service_name, *pam_cache_key;
unsigned int pam_setcred:1;
unsigned int pam_session:1;
unsigned int failure_show_msg:1;};
And this:
/* -session for backwards compatibility */ if (strcmp(t_args[i], "-session") == 0 || strcmp(t_args[i], "session=yes") == 0) module->pam_session = TRUE;
It seams to me that the session is going to be opened anyway, since pam_session is always TRUE.
Regards,
Miguel