[Dovecot] openbsd and dovecot
I'm setting up dovecot in OpenBSD OS. The problem is that I can't set up dovecot to use kerberos authentication via bsdauth, which is "similar to pam". I try to test dovecot via telnet:

    telnet localhost pop3
    user test
    +OK
    pass password
    -ERR [IN-USE] Temporary authentication failure

and some strings from logs:

    Feb 3 15:02:37 srv-mx-00 dovecot: auth: Error: bsdauth(rodin.m,127.0.0.1): getpwnam() failed: Operation not permitted
    Feb 3 15:02:46 srv-mx-00 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<rodin.m>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Feb 3 15:29:13 srv-mx-00 dovecot: auth: Error: bsdauth(test,127.0.0.1): getpwnam() failed: Operation not permitted

What am I doing wrong?
Here is the output of dovecot -n:

    auth_krb5_keytab = /etc/kerberosV/krb5.keytab
    auth_mechanisms = plain login
    default_internal_user = _dovecot
    default_login_user = _dovenull
    disable_plaintext_auth = no
    first_valid_gid = 2000
    first_valid_uid = 2000
    last_valid_gid = 2000
    last_valid_uid = 2000
    mail_gid = vmail
    mail_location = maildir:/var/vmail/%u%Ud/Maildir
    mail_uid = vmail
    mbox_write_locks = fcntl
    mmap_disable = yes
    passdb {
      driver = bsdauth
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = _postfix
        mode = 0666
        user = _postfix
      }
    }
    ssl_cert = </etc/ssl/dovecotcert.pem
    ssl_key = </etc/ssl/private/dovecot.pem
    userdb {
      driver = passwd
    }
    userdb {
      args = uid=2000 gid=2000 home=/var/mail/%Lu
      driver = static
    }
    protocol imap {
      imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
    }
    protocol pop3 {
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
      pop3_uidl_format = %08Xu%08Xv
    }

On 3.2.2012, at 15.15, User Max wrote:
> Feb 3 15:02:37 srv-mx-00 dovecot: auth: Error: bsdauth(rodin.m,127.0.0.1): getpwnam() failed: Operation not permitted

    service auth {
      user = root
    }

Does this make any difference? If it does help, there's a bug somewhere. If it doesn't help, then there's something else weird going on.
07.02.2012 0:27, Timo Sirainen wrote:
> On 3.2.2012, at 15.15, User Max wrote:
>> Feb 3 15:02:37 srv-mx-00 dovecot: auth: Error: bsdauth(rodin.m,127.0.0.1): getpwnam() failed: Operation not permitted
>
> service auth {
>   user = root
> }
>
> Does this make any difference? If it does help, there's a bug somewhere. If it doesn't help, then there's something else weird going on.

No, it didn't help. Might it be that I need to edit any system files in /etc directory? When I set up dovecot on Debian I had to edit /etc/pam.d/dovecot file accordingly to enable kerberos authentication for mail users in Active Directory. Someone suggested that I edit /etc/login.conf file in OpenBSD to enable kerberos for dovecot. But I've no idea what these edits should look like.
On 8.2.2012, at 20.56, Maxim wrote:
>>> Feb 3 15:02:37 srv-mx-00 dovecot: auth: Error: bsdauth(rodin.m,127.0.0.1): getpwnam() failed: Operation not permitted
>>
>> service auth {
>>   user = root
>> }
>>
>> Does this make any difference? If it does help, there's a bug somewhere. If it doesn't help, then there's something else weird going on.
>
> No, it didn't help. Might it be that I need to edit any system files in /etc directory? When I set up dovecot on Debian I had to edit /etc/pam.d/dovecot file accordingly to enable kerberos authentication for mail users in Active Directory. Someone suggested that I edit /etc/login.conf file in OpenBSD to enable kerberos for dovecot. But I've no idea what these edits should look like.

The problem is that the auth worker process can't do the getpwnam() call. Typically that would read from /etc/passwd, but I don't know if in OpenBSD you have configured it to read from elsewhere (AD?). Anyway, I don't know why it would give EPERM error since the process is running as root. You could try ktraceing it to see what actually fails.
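
The passwd lookup named in the log line can be repeated outside Dovecot. The following is an added example, not part of the original thread and not Dovecot's code: it uses getpwnam_r(), which returns the error number directly, so a login name with no passwd entry (return 0, no result) is told apart from a lookup that failed with an error such as EPERM. The names lookup_user and classify are hypothetical.

```c
/* Added diagnostic sketch (not Dovecot code): repeat the passwd lookup that
 * the auth worker logs as failing, and separate "no such user" from an error.
 * The names lookup_user and classify are hypothetical. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum lookup { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_ERROR };

/* getpwnam_r() returns 0 with a NULL result when no entry matches,
 * and an errno value (for example EPERM) when the lookup itself failed. */
static enum lookup classify(int rc, const struct passwd *res)
{
    if (rc != 0)
        return LOOKUP_ERROR;
    return res != NULL ? LOOKUP_FOUND : LOOKUP_NOT_FOUND;
}

static enum lookup lookup_user(const char *name, uid_t *uid, int *err)
{
    struct passwd pw, *res = NULL;
    char buf[16384];
    int rc = getpwnam_r(name, &pw, buf, sizeof(buf), &res);

    *err = rc;                      /* error number, 0 if the call succeeded */
    if (rc == 0 && res != NULL)
        *uid = res->pw_uid;
    return classify(rc, res);
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    uid_t uid = 0;
    int err = 0;

    printf("running as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    switch (lookup_user(name, &uid, &err)) {
    case LOOKUP_FOUND:
        printf("%s: found, uid=%ld\n", name, (long)uid); break;
    case LOOKUP_NOT_FOUND:
        printf("%s: no passwd entry\n", name); break;
    case LOOKUP_ERROR:
        printf("%s: lookup failed: %s\n", name, strerror(err)); return 1;
    }
    return 0;
}
```

Run it as the account the auth process uses, passing the login name from the log line as the argument.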
participants (3)
- Maxim
- Timo Sirainen
- User Max