[dovecot] Re: OSX & Authentication
Scott A.McIntyre
scott at xs4all.net
Thu Mar 6 23:07:37 EET 2003
>
> Can you login with another user name? What if you kill dovecot-auth
> process, does that reset it so that you can login again?
No -- once dovecot-auth gets a failure back, it repeats failures for
any other account logins. If I kill it and try to login again, it will
work once, then same problem.
>> auth required pam_securityserver.so
>
> What does this do? Does it contain user login limits of any kind? Just
> thinking if something is waiting for the process that did PAM checking
> to terminate before allowing to login again..
I stole that from the pam entry for SSH -- however, your questions got
me thinking. I changed it to:
auth required pam_unix.so
auth sufficient pam_netinfo.so
account required pam_unix.so
And this will work, repeatedly, for accounts which are set to "Basic"
authentication and not the password server; the Security Server (same
thing as Password Server, I believe) is the element that controls
minimum password length, validity period, etc.
However, for a different account, which was converted to Password
Server from Basic and then converted back again, I'm still unable to
authenticate more than once.
>
>> . NO Authentication failed.
>
> Setting "auth_verbose = yes" in config file would give better error
> message.
Not during telnet, however, in the mail logs:
Mar 6 21:41:55 alles imap-login: Login: scott [127.0.0.1]
Mar 6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol:
pam_sm_authenticate
Mar 6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol:
pam_sm_setcred
Mar 6 22:42:13 alles dovecot-auth: PAM: pam_authenticate(scott)
failed: Authentication failure
Mar 6 21:42:14 alles imap-login: Aborted login [127.0.0.1]
It would seem that the problem is tied up with how OSX and Pam and the
Security server work -- I'll keep poking at it.
Scott
More information about the dovecot
mailing list