[Dovecot] Dovecot 1.2.x passwd and shadow auth w/ PAM
I'm trying to get authentication to work without PAM and just use the standard shadow and passwd files.
auth default {
userdb passwd { }
passdb shadow { }
}
This seems to be valid code to use /etc/passwd and /etc/shadow.
My linux distro is using Salted MD5. Though Dovecot keeps telling me that authentication failed. It doesn't give me any error messages regarding the config.
Any ideas?
-- Steve King
Senior Linux Engineer - Advance Internet, Inc. Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
Turning on auth debugging
May 10 18:09:22 auth(default): Info: shadow(mjb,69.2.98.5): lookup
May 10 18:09:22 auth(default): Info: shadow(mjb,69.2.98.5): unknown user
These messages suggest that the auth mechanisms can't find the user. Though the user clearly exists in both /etc/passwd and /etc/shadow.
On 11.5.2011, at 1.10, Steven King wrote:
> Turning on auth debugging
> May 10 18:09:22 auth(default): Info: shadow(mjb,69.2.98.5): lookup
> May 10 18:09:22 auth(default): Info: shadow(mjb,69.2.98.5): unknown user
> These messages suggest that the auth mechanisms can't find the user. Though the user clearly exists in both /etc/passwd and /etc/shadow.
getspnam() doesn't see the user existing. There are 3 possibilities that I can think of:
1. the user truly doesn't exist in there
2. the file can't be opened due to auth process being run without root privileges (default in v2.0) - dovecot -n output would show this
3. SELinux or similar preventing Dovecot from accessing /etc/shadow
Interesting... #2 corrected it. Set the auth process to run as root...
Is that safe?
You could set it to be run as a user that has group=shadow privileges.
On 11.5.2011, at 1.07, Steven King wrote:
> I'm trying to get authentication to work without PAM and just use the standard shadow and passwd files.
> auth default {
> userdb passwd { }
> passdb shadow { }
> }
That's not dovecot -n output.
> This seems to be valid code to use /etc/passwd and /etc/shadow.
Maybe..
> My linux distro is using Salted MD5. Though Dovecot keeps telling me that authentication failed. It doesn't give me any error messages regarding the config.
Set auth_debug_passwords=yes. And show the exact log messages. And exact dovecot -n output.
dovecot -n output
root@slacky:/usr/doc/dovecot-1.2.16/wiki# dovecot -n
# 1.2.16: /etc/dovecot.conf
# OS: Linux 2.6.33.4 x86_64 Slackware 13.1.0
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot.log
protocols: imap pop3
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_trusted_networks: 127.0.0.1
first_valid_gid: 500
mail_location: ~/mail
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %v.%u
lda:
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  user: nobody
  debug: yes
  debug_passwords: yes
  passdb:
    driver: shadow
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
Fair enough... thanks for your help.
On 5/10/11 6:17 PM, Timo Sirainen wrote:
> On 11.5.2011, at 1.14, Steven King wrote:
> > auth default:
> >   user: nobody
> >   passdb:
> >     driver: shadow
> nobody doesn't have permissions to read /etc/shadow
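The diagnosis in this thread (a `shadow` passdb running as `nobody` logs "unknown user" because getspnam() cannot open /etc/shadow) can be checked with a small program run as the auth process's user. This is an added example, not code from the thread or from Dovecot; `can_read` and `shadow_lookup` are hypothetical helper names, and the permission model covers only classic owner/group/other bits (no ACLs, capabilities or SELinux).

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <shadow.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic Unix read check: uid 0 always passes; otherwise exactly one
 * class applies (owner, else group, else other) and only its bit counts. */
int can_read(mode_t mode, uid_t fuid, gid_t fgid,
             uid_t uid, const gid_t *gids, int ngids)
{
    if (uid == 0) return 1;
    if (uid == fuid) return (mode & S_IRUSR) != 0;
    for (int i = 0; i < ngids; i++)
        if (gids[i] == fgid) return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* 0 = entry found, 1 = no such entry, 2 = shadow database unreadable.
 * getspnam() returns NULL in both failure cases; only errno tells them
 * apart, which is why the log above just says "unknown user". */
int shadow_lookup(const char *name)
{
    errno = 0;
    if (getspnam(name) != NULL) return 0;
    return (errno == EACCES || errno == EPERM) ? 2 : 1;
}

int main(int argc, char **argv)
{
    static const char *msg[] = {"found", "no such entry",
                                "shadow database unreadable"};
    const char *name = argc > 1 ? argv[1] : "root";
    struct stat st;
    gid_t gids[65];
    int n = getgroups(64, gids);
    if (n < 0 || stat("/etc/shadow", &st) != 0) {
        perror("/etc/shadow");
        return 1;
    }
    gids[n++] = getegid();   /* getgroups() may omit the effective gid */
    printf("euid=%ld may read /etc/shadow: %s\n", (long)geteuid(),
           can_read(st.st_mode, st.st_uid, st.st_gid, geteuid(), gids, n)
               ? "yes" : "no");
    printf("getspnam(%s): %s\n", name, msg[shadow_lookup(name)]);
    return 0;
}
```

Running it as the account configured under `auth default: user:` shows whether membership in the group that owns /etc/shadow is sufficient, which avoids running the auth process as root.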