[Dovecot] POP3 notice if password expired
Hi,
We just migrated our IMAP service to Dovecot and it performs very well.
We also want to migrate our POP3 service (qpopper) to Dovecot.
The problem is that Dovecot and Qpopper differently act on expired passwords:
Qpopper: -ERR "user": password expired.
Dovecot: -ERR Authentication failed.
Are there any way to tell Dovecot to report about expired passwords?
We have about 30000 users and 84 days password lifecycle. "Password expired" notifications highly reduce the number of support calls from our users.
Server setup info: Solaris 9 SPARC, PAM authentication.
Thanks, Vaidas Pilkauskas Vilnius University
On Thu, 2006-06-01 at 11:27 +0300, Vaidas Pilkauskas wrote:
Hi,
We just migrated our IMAP service to Dovecot and it performs very well.
We also want to migrate our POP3 service (qpopper) to Dovecot.
The problem is that Dovecot and Qpopper differently act on expired passwords:
Qpopper: -ERR "user": password expired.
Dovecot: -ERR Authentication failed.
Are there any way to tell Dovecot to report about expired passwords?
See if this patch works:
On Sun, Jun 11, 2006 at 03:52:24PM +0300, Timo Sirainen wrote:
See if this patch works:
After applying the patch I still get:
-ERR Authentication failed.
Log: dovecot: Jun 12 09:28:55 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=<hidden> dovecot: Jun 12 09:28:55 Info: auth(default): pam(liucijus,127.0.0.1): pam_acct_mgmt() failed: Authentication token is no longer valid; new one required. dovecot: Jun 12 09:28:56 Info: auth(default): client out: FAIL 1 user=liucijus
The problem is that dovecot should handle PAM_NEW_AUTHTOK_REQD not PAM_ACCT_EXPIRED in auth/passdb_pam.c function pam_verify_plain_child
I changed PAM_CCT_EXPIRED to PAM_NEW_AUTHTOK_REQD and got another problem:
-ERR Temporary authentication failure.
Log: dovecot: Jun 12 09:17:13 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=<hidden> dovecot: Jun 12 09:17:13 Info: auth(default): pam(liucijus,127.0.0.1): pam_acct_mgmt() failed: Authentication token is no longer valid; new one required. dovecot: Jun 12 09:17:13 Error: child 12085 (auth) killed with signal 11
Any ideas?
On Sun, Jun 11, 2006 at 03:52:24PM +0300, Timo Sirainen wrote:
See if this patch works:
The problem is that dovecot should handle PAM_NEW_AUTHTOK_REQD not PAM_ACCT_EXPIRED in auth/passdb_pam.c function pam_verify_plain_child
I changed PAM_CCT_EXPIRED to PAM_NEW_AUTHTOK_REQD and got another problem:
-ERR Temporary authentication failure.
Log: dovecot: Jun 12 09:17:13 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=<hidden> dovecot: Jun 12 09:17:13 Info: auth(default): pam(liucijus,127.0.0.1): pam_acct_mgmt() failed: Authentication token is no longer valid; new one required. dovecot: Jun 12 09:17:13 Error: child 12085 (auth) killed with signal 11
Found what caused problem. Patches attached.
participants (2)
-
Timo Sirainen
-
Vaidas Pilkauskas