[Dovecot] Dovecot & pam_mkhomedir

Chris Wakelin c.d.wakelin at reading.ac.uk
Fri Dec 16 15:20:15 EET 2005


Looks like you're using version 1.0-stable (judging by the passdb/authdb
option format). I'd recommend upgrading to 1.0alpha5 (which, actually,
is probably more stable!). One of the features added to 1.0 alphas is a
"-session" option to PAM authentication:

passdb pam {
  # [-session] [cache_key=<key>] [<service name>]
  #
  # -session makes Dovecot open and immediately close PAM session. Some
  # PAM plugins need this to work.
  #
...
}

which ought to trigger your mkhomedir module.

Best Wishes,
Chris

Stroller wrote:
> Hi there,
> 
> Does anyone have Dovecot working correctly with pam_mkhomedir, please? I
> seem to be going through quite a number of IMAP servers this week,
> trying to find one that will not only authenticate against a Windows
> domain but which will also create home directories for users the first
> time they log in.
> 
> I'm using winbind to do the authentication & that seems to be doing the
> trick in the first instance - if I log in using Squirrelmail I see
> entries written to the system log saying:
> 
>     Dec 16 11:58:35 baby pam_winbind[9319]: user 'ned' granted access
> 
> I have set Dovecot to log to /var/log/mail and in that I see only three
> entries saying:
> 
>     imap-login: Dec 16 11:58:36 Info: Login: ned [127.0.0.1]
> 
> But Squirrelmail gives:
> 
>     ERROR: Could not complete request.
>     Query: SELECT "INBOX"
>     Reason Given:
> 
> /etc/pam.d/imap says:
> 
>     #%PAM-1.0
>     auth       required     /lib/security/pam_winbind.so
>     account    required     /lib/security/pam_winbind.so
>     session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
> 
> If I use the same configuration for SSH then the user's home directory
> is created upon authentication, but not with Dovecot. I chose to try
> Dovecot because I understood it handled PAM session wossisnames, which
> Courier-IMAP doesn't. My dovecot.conf is attached - I'm wondering if the
> problem could be with the "auth_userdb" setting, but `getent passwd`
> does show an entry for the user:
> 
>     # grep ned /etc/passwd
>     # getent passwd | grep ned
>     ned:x:10012:10000:Ned Nedbody:/home/DOMAIN/ned:/bin/false
>     #
> 
> Many thanks in advance for any advice or suggestions - I'd really like
> to understand what's going on here. I believe I can authenticate against
> the domain using LDAP / Active Directory, but since I don't know if
> that'll help I'd rather not go that route yet.
> 
> If I first try to log in using ssh with pam_mkhomedir enabled then the
> users' home directory is created successfully & I can subsequently log
> on in Squirrelmail. But it's important to me that I shouldn't have to
> create users' home dirs for them - I should be able to add them on the
> Windows domain controller & just tell them to log in to their email -
> the home dir on the mailserver should be created automagically when they
> authenticate against the domain.
> 
> Stroller.
> 
> 
> 


-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094

