Re: [Dovecot] dovecot Digest, Vol 57, Issue 55
I'm trying to configure PAM authentication and I'm having some issues. I'm using RHEL 5 and included below are excerpts from my relevant configuration and log files:
*/var/log/maillog* Jan 19 10:55:39 flacpmail dovecot: imap-login: Aborted login: user=<test>, method=PLAIN, rip=::ffff:128.8.244.15, lip=::ffff:128.8.244.161, TLS
*/etc/dovecot.conf* passdb pam { args = session=yes dovecot # also tried args = session=yes * }
*/etc/pam.d/dovecot* #%PAM-1.0 auth required pam_unix.so nullok auth include system-auth account include pam_unix.so session include system-auth
Thanks in advnaced,
Sean Smitz System Administrator Fujitsu Laboratories of America 8400 Baltimore Ave, Suite 302 College Park, MD 20740 (301) 486-0298 (Desk)
On Sat, 2008-01-19 at 11:08 -0500, Sean Smitz wrote:
I'm trying to configure PAM authentication and I'm having some issues. I'm using RHEL 5 and included below are excerpts from my relevant configuration and log files:
*/var/log/maillog* Jan 19 10:55:39 flacpmail dovecot: imap-login: Aborted login: user=<test>, method=PLAIN, rip=::ffff:128.8.244.15, lip=::ffff:128.8.244.161, TLS
Set auth_debug=yes. It might show something more useful. But if the problem is with PAM, you'll need to look at its log files (/var/log/authlog or something).
I forgot to change the subject originally... With auth_debug = yes
/var/log/maillog:
Jan 20 11:23:35 flacpmail dovecot: Dovecot v1.0.rc15 starting up
Jan 20 11:23:47 flacpmail dovecot: auth(default): client in: AUTH
1 PLAIN service=IMAP secured lip=::ffff:128.8.244.161
rip=::ffff:128.8.244.15
Jan 20 11:23:47 flacpmail dovecot: auth(default): client out: CONT 1
Jan 20 11:23:47 flacpmail dovecot: auth(default): client in: CONT<hidden>
Jan 20 11:23:47 flacpmail dovecot: auth(default):
pam(test,::ffff:128.8.244.15): pam_authenticate() failed: Authentication
failure
Jan 20 11:23:48 flacpmail dovecot: auth(default): client out: FAIL
1 user=test
Jan 20 11:23:48 flacpmail dovecot: auth(default): client in: AUTH
2 PLAIN service=IMAP secured lip=::ffff:128.8.244.161
rip=::ffff:128.8.244.15 resp=<hidden>
Jan 20 11:23:48 flacpmail dovecot: auth(default):
pam(test,::ffff:128.8.244.15): pam_authenticate() failed: Authentication
failure
Jan 20 11:23:50 flacpmail dovecot: auth(default): client out: FAIL
2 user=test
Jan 20 11:23:53 flacpmail dovecot: imap-login: Aborted login:
user=<test>, method=PLAIN, rip=::ffff:128.8.244.15,
lip=::ffff:128.8.244.161, TLS
/var/log/audit/audit.log: type=USER_AUTH msg=audit(1200848003.207:195): user pid=29718 uid=0 auid=0 subj=root:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=test : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:128.8.244.15, addr=::ffff:128.8.244.15, terminal=dovecot res=failed)' type=USER_AUTH msg=audit(1200848005.099:196): user pid=29719 uid=0 auid=0 subj=root:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=test : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:128.8.244.15, addr=::ffff:128.8.244.15, terminal=dovecot res=failed)'
Sean Smitz System Administrator Fujitsu Laboratories of America 8400 Baltimore Ave, Suite 302 College Park, MD 20740 (301) 486-0298 (Desk)
Timo Sirainen wrote:
On Sat, 2008-01-19 at 11:08 -0500, Sean Smitz wrote:
I'm trying to configure PAM authentication and I'm having some issues. I'm using RHEL 5 and included below are excerpts from my relevant configuration and log files:
*/var/log/maillog* Jan 19 10:55:39 flacpmail dovecot: imap-login: Aborted login: user=<test>, method=PLAIN, rip=::ffff:128.8.244.15, lip=::ffff:128.8.244.161, TLS
Set auth_debug=yes. It might show something more useful. But if the problem is with PAM, you'll need to look at its log files (/var/log/authlog or something).
On Sun, 2008-01-20 at 12:00 -0500, Sean Smitz wrote:
pam(test,::ffff:128.8.244.15): pam_authenticate() failed: Authentication failure .. type=USER_AUTH msg=audit(1200848003.207:195): user pid=29718 uid=0 auid=0 subj=root:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=test : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:128.8.244.15, addr=::ffff:128.8.244.15, terminal=dovecot res=failed)'
Unfortunately PAM's logging doesn't tell much of anything about the actual problem.
It's anyway a PAM configuration issue. Make sure /etc/pam.d/dovecot exists and is correct.
participants (2)
-
Sean Smitz
-
Timo Sirainen