[dovecot] Re: OSX & Authentication

[Scott A.McIntyre]

>
> Can you login with another user name? What if you kill dovecot-auth
> process, does that reset it so that you can login again?

No -- once dovecot-auth gets a failure back, it repeats failures for 
any other account logins.  If I kill it and try to login again, it will 
work once, then same problem.


>> auth       required     pam_securityserver.so
>
> What does this do? Does it contain user login limits of any kind? Just
> thinking if something is waiting for the process that did PAM checking
> to terminate before allowing to login again..

I stole that from the pam entry for SSH -- however, your questions got 
me thinking.  I changed it to:

auth       required       pam_unix.so
auth       sufficient     pam_netinfo.so
account    required       pam_unix.so

And this will work, repeatedly, for accounts which are set to "Basic" 
authentication and not the password server; the Security Server (same 
thing as Password Server, I believe) is the element that controls 
minimum password length, validity period, etc.

However, for a different account, which was converted to Password 
Server from Basic and then converted back again, I'm still unable to 
authenticate more than once.



>
>> . NO Authentication failed.
>
> Setting "auth_verbose = yes" in config file would give better error
> message.


Not during telnet, however, in the mail logs:

Mar  6 21:41:55 alles imap-login: Login: scott [127.0.0.1]
Mar  6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol: 
pam_sm_authenticate
Mar  6 22:42:13 alles dovecot-auth: PAM unable to resolve symbol: 
pam_sm_setcred
Mar  6 22:42:13 alles dovecot-auth: PAM: pam_authenticate(scott) 
failed: Authentication failure
Mar  6 21:42:14 alles imap-login: Aborted login [127.0.0.1]

It would seem that the problem is tied up with how OSX and Pam and the 
Security server work -- I'll keep poking at it.

Scott