Dovecot 2.0.9 on Centos 6.6
I have some local users and some Postfix virtual mailboxes. The config currently has:
# 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final) first_valid_uid = 190 log_path = /var/log/dovecot.log mail_access_groups = mail mail_location = mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks = fcntl passdb { driver = pam } passdb { args = scheme=MD5 username_format=%u /etc/dovecot/auth/%d.passwd driver = passwd-file } protocols = imap pop3 ssl_ca = </etc/pki/tls/certs/ca-bundle.crt ssl_cert = </etc/pki/dovecot/certs/mailcert.pem ssl_key = </etc/pki/dovecot/private/mailkey.pem ssl_parameters_regenerate = 48 userdb { driver = passwd } userdb { args = uid=199 gid=199 home=/var/mail/vhosts/%d/%n mail=mbox:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/mail driver = static }
Each time a virtual mailbox user logs in, PAM writes a set of Authentication Failure messages to /var/log/secure when it attempts to find the virtual user, which it then successfully authenticates in the passwd-file. Is there a way to prevent PAM from loggin this spurious error and having dovecot log an authentication failure only if BOTH methods fail?
-- Jim Garrison (jhg@acm.org) PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 1 Jul 2015, Jim Garrison wrote:
I have some local users and some Postfix virtual mailboxes. The config currently has:
# 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
passdb { driver = pam } passdb { args = scheme=MD5 username_format=%u /etc/dovecot/auth/%d.passwd driver = passwd-file }
Each time a virtual mailbox user logs in, PAM writes a set of Authentication Failure messages to /var/log/secure when it attempts to find the virtual user, which it then successfully authenticates in the passwd-file. Is there a way to prevent PAM from loggin this spurious error and having dovecot log an authentication failure only if BOTH methods fail?
Do you have users via PAM and in the passwd-file? If not or if it does not harm, reverse the order of both passdb's .
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVZTaGnz1H7kL/d9rAQLKOAgAoNMgpf5r3E/9QQ3CIqa6gtFQyr3ivWRO j+2JMT63xwJyFNuot3ZRabUr5qNQvQPm+52cZPkX7cBqH+0fB2iiHwIstqaPWHfc M4iVnfohAonO/8thefmjCTbmx086RD3X7EYmTBNrNxw4gp57Lppz6mgsZzKBoeZ8 1H1FDTWxbikQ8ufb8woQgBcXm+LmT0VTpGpMVEndazFhwVqsxV4jHvrVi+OhbTup 0zllqciQZmat06U/hX3F5oK9L6ZXaCpbEVUcj5Zx7QA8CP7gK6ONNmme5noTLAO8 KMTYgYSNACFRWCAjye4I+djkCDJ5EWvf8M/b+czmumzRlRXmuBanFQ== =zuRO -----END PGP SIGNATURE-----
participants (2)
-
Jim Garrison
-
Steffen Kaiser