Hi,
Taking a stab at getting OSX Server 10.2.4 running Dovecot -- with a minor tweak of replacing lchown() with chown() in the src/lib/sakfe-mkdir.c, it compiled and installed without any problems.
However, oddness in authentication. It works once, but only once. I'm trying to use pam and have the following:
auth required pam_securityserver.so auth sufficient pam_unix.so account required pam_unix.so
In the dovecot.conf I have (amongst other things):
auth_userdb = passwd auth_passdb = pam
I start up dovecot and do:
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
- OK dovecot ready. . login scott pass . OK Logged in. . logout
- BYE Logging out . OK Logout completed.
No problem.
However, try it again and:
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
- OK dovecot ready. . login scott pass . NO Authentication failed. . logout
- BYE Logging out . OK Logout completed.
Perhaps there's a better way to get dovecot playing under osx; I'd tried a number of ways of using pam, but perhaps there's a magic other option I've not got working yet. I do run the password server and my account name is using that as per the Workgroup Manager's settings (as opposed to Basic)...
Any thoughts appreciated!
Scott
On Thu, 2003-03-06 at 19:49, Scott A.McIntyre wrote:
Taking a stab at getting OSX Server 10.2.4 running Dovecot -- with a minor tweak of replacing lchown() with chown() in the src/lib/sakfe-mkdir.c, it compiled and installed without any problems.
This is fixed in CVS.
However, oddness in authentication. It works once, but only once. I'm trying to use pam and have the following:
Can you login with another user name? What if you kill dovecot-auth process, does that reset it so that you can login again?
auth required pam_securityserver.so
What does this do? Does it contain user login limits of any kind? Just thinking if something is waiting for the process that did PAM checking to terminate before allowing to login again..
. NO Authentication failed.
Setting "auth_verbose = yes" in config file would give better error message.
Can you login with another user name? What if you kill dovecot-auth process, does that reset it so that you can login again?
No -- once dovecot-auth gets a failure back, it repeats failures for any other account logins. If I kill it and try to login again, it will work once, then same problem.
auth required pam_securityserver.so
What does this do? Does it contain user login limits of any kind? Just thinking if something is waiting for the process that did PAM checking to terminate before allowing to login again..
I stole that from the pam entry for SSH -- however, your questions got me thinking. I changed it to:
auth required pam_unix.so auth sufficient pam_netinfo.so account required pam_unix.so
And this will work, repeatedly, for accounts which are set to "Basic" authentication and not the password server; the Security Server (same thing as Password Server, I believe) is the element that controls minimum password length, validity period, etc.
However, for a different account, which was converted to Password Server from Basic and then converted back again, I'm still unable to authenticate more than once.
. NO Authentication failed.
Setting "auth_verbose = yes" in config file would give better error message.
Not during telnet, however, in the mail logs:
Mar 6 21:41:55 alles imap-login: Login: scott [127.0.0.1] Mar 6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol: pam_sm_authenticate Mar 6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol: pam_sm_setcred Mar 6 22:42:13 alles dovecot-auth: PAM: pam_authenticate(scott) failed: Authentication failure Mar 6 21:42:14 alles imap-login: Aborted login [127.0.0.1]
It would seem that the problem is tied up with how OSX and Pam and the Security server work -- I'll keep poking at it.
Scott
participants (2)
-
Scott A.McIntyre
-
Timo Sirainen