[Dovecot] authentication problems with pam_mkhomedir
Hi! I'm struggling with pam_mkhomedir. Accounts are stored in LDAP (CentOS Directory Server, AKA 389 Directory Server). I am not pre-creating user home directories, and would like to use the pam_mkhomedir module to create the directories on the fly when a user is authenticated via pop3s. pam_mkhomedir is working for interactive logins (e.g. SSH), but I don't want to require users to log in interactively just so their home directory is created.
Dovecot version: 1.0.7
dovecot -n output:
protocols: pop3s
ssl_cert_file: /etc/pki/tls/certs/mail.ourdomain.tld.pem
ssl_key_file: /etc/pki/tls/private/mail.ourdomain.tld.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib64/dovecot/pop3
pop3_client_workarounds: oe-ns-eoh, outlook-no-nuls
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: pam
    args: session=yes dovecot
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
/etc/pam.d/dovecot:
auth       sufficient   pam_ldap.so
auth       required     pam_deny.so
account    sufficient   pam_ldap.so
account    required     pam_deny.so
password   sufficient   pam_ldap.so use_authtok
password   required     pam_deny.so
session    optional     pam_ldap.so
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
With the pam_mkhomedir.so line, I see the following in maillog:
Jul 14 16:14:26 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:14:26 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): new auth connection: pid=25209
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL 1 user=joe.schmoe
Jul 14 16:14:28 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
With the pam_mkhomedir.so line commented out:
Jul 14 16:15:27 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:15:27 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:15:27 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): master in: REQUEST 1 25286 1
Jul 14 16:15:27 mail dovecot: auth(default): ldap(joe.schmoe,xxx.xxx.xxx.xxx): user search: base=ou=People, dc=ourdomain, dc=tld scope=subtree filter=(&(objectClass=posixAccount)(uid=joe.schmoe)) fields=homeDirectory,uidNumber,gidNumber
Jul 14 16:15:27 mail dovecot: auth(default): master out: USER 1 joe.schmoe home=/home/joe.schmoe uid=1057 gid=1000
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): Failed to create storage with data: mbox:/home/joe.schmoe/mail:INBOX=/var/spool/mail/joe.schmoe
Jul 14 16:15:27 mail dovecot: child 25292 (pop3) returned error 89
Jul 14 16:15:27 mail dovecot: pop3-login: Login: user= service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Any suggestions?
Thank you!
Defenestrate
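An added example, not part of the original thread, for triaging Dovecot auth debug output like the excerpt above: it groups the auth-process pam_open_session() failures and the later POP3 mkdir_parents() failures per user, so it is obvious whether a login died in the PAM session stage or only after authentication succeeded. The sample log lines are constructed from the post's excerpt (wrapped lines joined, addresses left as the xxx placeholders used there).

```python
import re
from collections import defaultdict

# Constructed sample modelled on the maillog excerpt in the post above.
SAMPLE_LOG = """\
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: child 25292 (pop3) returned error 89
"""

# pam_open_session() failing inside the auth process: the PAM session stack
# ran, but a module in it (pam_mkhomedir here) could not do its work.
PAM_SESSION_RE = re.compile(
    r"pam\((?P<user>[^,]+),[^)]*\): pam_open_session\(\) failed: (?P<err>.+)$")
# Auth succeeded, but the mail process could not create the mail directory.
MKDIR_RE = re.compile(
    r"POP3\((?P<user>[^)]+)\): mkdir_parents\((?P<path>[^)]+)\) failed: (?P<err>.+)$")
# Auth verdicts sent back to the login process.
VERDICT_RE = re.compile(r"client out: (?P<verdict>OK|FAIL) \d+ user=(?P<user>\S+)")


def triage(log_text):
    """Group the interesting events per user: {user: {pam_session, mkdir, ok, fail}}."""
    report = defaultdict(lambda: {"pam_session": [], "mkdir": [], "ok": 0, "fail": 0})
    for line in log_text.splitlines():
        if m := PAM_SESSION_RE.search(line):
            report[m["user"]]["pam_session"].append(m["err"])
        elif m := MKDIR_RE.search(line):
            report[m["user"]]["mkdir"].append((m["path"], m["err"]))
        elif m := VERDICT_RE.search(line):
            report[m["user"]][m["verdict"].lower()] += 1
    return dict(report)


def diagnose(entry):
    """Name the stage at which a user's login broke, earliest stage first."""
    if entry["pam_session"]:
        return "session-stage failure in auth process"
    if entry["mkdir"]:
        return "mail-storage failure after successful auth"
    return "no failure seen"


if __name__ == "__main__":
    for user, entry in triage(SAMPLE_LOG).items():
        print(user, "->", diagnose(entry), entry)
```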