[Dovecot] PAM Error on POP3s auth? And apop?
Fellow Dovecot'ers,
I've -almost- got Dovecot completely functional, and I will add that it works just fine for non-authenticated POP3.
The problem begins when I try to use authentication for same against the system's /etc/passwd section. This is the error message that comes up in /var/log/maillog
Jul 9 21:14:10 featherweb dovecot: auth(default): pam(kyrrin@bluefeathertech.com,192.168.42.40): pam_start() failed: system error
Jul 9 21:14:17 featherweb dovecot: pop3-login: Aborted login: user=kyrrin@bluefeathertech.com, method=PLAIN, rip=192.168.42.40, lip=192.168.42.130, TLS
THE PLATFORM: NetBSD 3.0, Postfix 2.3-RC8 (soon to be replaced by an official release in the coming week), and whatever the current release candidate of Dovecot is.
I did some googling for that pam_start error, and discovered (much to my annoyance) that it may be a system bug within NetBSD 3.0. If that's the case, given that I don't have anywhere near the programming skill to even try and correct it, it'll mean I'm pretty much stuck until the NetBSD developers fix it, or until I can figure out an alternate authentication method that won't be an administrative nightmare.
Does anyone have any ideas on this? For the benefit of poking and pondering, this is the relevant section of my dovecot.conf file.
    auth default {
      # Space separated list of wanted authentication mechanisms:
      #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
      mechanisms = plain login

      passdb pam {
      }

      userdb passwd {
      }

      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }
And this is the contents of the file 'dovecot' in the directory /etc/pam.d
    # PAM configuration for the "dovecot" subsystem.
    #
    # auth
    auth required pam_nologin.so no_warn
    auth required pam_unix
That entry should, in theory, block all logins if the /etc/nologin file is present, and then hand off to the pam_unix module if it's not. pam_unix, in NetBSD, is the module that authenticates against the /etc/passwd file.
As I said, further thoughts would be welcome. If it is a NetBSD system bug causing that pam_auth error, ideas for a simple workaround until the NetBSD crew gets things patched up would also be welcome.
Thanks in advance.
-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner & Head Hardware Heavy,
Blue Feather Technologies -- http://www.bluefeathertech.com
kyrrin (at) bluefeathertech do/t c=o=m
"If Salvador Dali had owned a computer, would it have been equipped with surreal ports?"
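The stack behaviour described in the message above, as an added example that is not part of the original post and is not Dovecot or NetBSD code: a simplified Python model of how a PAM library walks the auth chain, showing that a failing `required` module does not stop the chain (the later module still runs) while `requisite` does. The policy text is copied from the post; the function names and the simulated module outcomes are assumptions made for illustration.

```python
# Simplified model of PAM chain evaluation for one facility.
# Module outcomes are simulated; nothing here calls the real PAM library.

# Policy as quoted in the post (module names kept exactly as written there).
POLICY = """\
# PAM configuration for the "dovecot" subsystem.
auth required pam_nologin.so no_warn
auth required pam_unix
"""

def parse_policy(text, facility="auth"):
    """Return [(control, module, [options])] for one facility (hypothetical helper)."""
    chain = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed PAM rule: {raw!r}")
        fac, control, module, *opts = fields
        if fac == facility:
            chain.append((control, module, opts))
    return chain

def evaluate(chain, module_results):
    """Walk the chain. module_results maps module name -> True (success) or False.

    Returns (overall_success, modules_that_ran)."""
    ok, ran = True, []
    for control, module, _opts in chain:
        success = module_results[module]
        ran.append(module)
        if control == "required" and not success:
            ok = False                 # failure is remembered, chain continues
        elif control == "requisite" and not success:
            return False, ran          # failure ends the chain immediately
        elif control == "sufficient" and success and ok:
            return True, ran           # success ends the chain if nothing failed earlier
        # "optional" results are ignored in this simplified model
    return ok, ran

if __name__ == "__main__":
    chain = parse_policy(POLICY)
    # Constructed scenario: /etc/nologin exists, password is correct.
    print(evaluate(chain, {"pam_nologin.so": False, "pam_unix": True}))
```

With both rules marked `required`, the login is refused when pam_nologin fails, but pam_unix is still consulted, so the client cannot tell from timing or ordering which module rejected it.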
Bruce Lane wrote:
> Fellow Dovecot'ers,
> I've -almost- got Dovecot completely functional, and I will add that it works just fine for non-authenticated POP3.
> The problem begins when I try to use authentication for same against the system's /etc/passwd section. This is the error message that comes up in /var/log/maillog
Wait... why have you configured it to use PAM, when you say you want it to auth against /etc/passwd? If you really _do_ want to use /etc/passwd, set your userdb to 'passwd', and your passwd to either 'passwd' or 'shadow', whichever suits your system.
--
Curtis Maloney
cmaloney@cardgate.net
Good day, Curtis,
*********** REPLY SEPARATOR ***********
On 10-Jul-06 at 15:34 Curtis Maloney wrote:
> Bruce Lane wrote:
>> Fellow Dovecot'ers,
>> I've -almost- got Dovecot completely functional, and I will add that it works just fine for non-authenticated POP3.
>> The problem begins when I try to use authentication for same against the system's /etc/passwd section. This is the error message that comes up in /var/log/maillog
> Wait... why have you configured it to use PAM, when you say you want it to auth against /etc/passwd? If you really _do_ want to use /etc/passwd, set your userdb to 'passwd', and your passwd to either 'passwd' or 'shadow', whichever suits your system.
I'm confused... I thought use of PAM was required, in this context, to authenticate against /etc/passwd...?
Also, after some reading on the subject, using PAM seemed to add the promise of future flexibility if I decided to add other authentication methods.
I will try setting it up as you describe, and see where it leads me. Thanks much.
-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner & Head Hardware Heavy,
Blue Feather Technologies -- http://www.bluefeathertech.com
kyrrin (at) bluefeathertech do/t c=o=m
"If Salvador Dali had owned a computer, would it have been equipped with surreal ports?"