On Tue, 2009-01-13 at 09:14 +0200, Oved Ben-Aroya wrote:
which work fine, except for Outlook/OL Express users that are asked
for their password whenever they "send/receive"... We've had also
"passdb shadow" that somehow "fixed" thisThis really makes no sense. Outlook doesn't know if you're using PAM
or shadow. Do you mean that Outlook anyway can successfully log in,
but just asks the password all the time?Sorry I was not clear in my description of the problem. Yes, users of Outlook log in and read their mail just fine. However, whenever they want to refresh the inbox or send mail, they are presented with a login window of Outlook. With the "passdb shadow" directive that somehow crept in, Outlook users were not asked for password after they logged in (however this broke the password exiration).
Well, there is some difference between what PAM and shadow does. Perhaps PAM starts failing the login after some time? Enable auth_debug=yes and see what the difference is between when using shadow and pam.
The difference between Outlook/OE and other clients is that they keep logging out and back in all the time, while other clients typically log in only once. Perhaps you have a PAM plugin that limits the number of logins to once every n minutes or something?
I wonder if we need to enable authentication cache?
It shouldn't be necessary, but if the problem is something like what I described above then auth cache will probably work around the actual problem in most cases (but not all).