[Dovecot] Re: LDAP authentication via PAM

Stephen Warren swarren at wwwdotorg.org
Mon Apr 10 20:17:42 EEST 2006


Oscar A. Valdez wrote:
> Before trying Luis' suggestion, I had the following in /var/log/messages:
> 
> dovecot(pam_unix)[4691]: check pass; user unknown
> dovecot(pam_unix)[4691]: authentication failure; logname= uid=0 euid=0
> tty= ruser= rhost=
> dovecot-auth[4691]: pam_ldap: could not open secret
> file /etc/ldap.secret (No such file or directory)

I believe this is because your PAM configuration checks both local files
(pam_unix: /etc/passwd) and pam_ldap: LDAP. The pam_unix module can't
find the user in the local database, and complains, then LDAP finds the
user information, and allows the login/whatever.

The solution is probably to create a /etc/pam.d/system-auth-ldap-only
file that doesn't reference pam_unix, and use that pam configuration for
network services such as Dovecot.

Or, possibly, check pam_ldap first with a "sufficient" setting; perhaps
this will stop pam_unix being tried at all?

I keep meaning to try this, since I'm seeing those messages from a
number of network services, but have never gotten around to it!
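The second approach above, a service-specific PAM stack that consults pam_ldap with "sufficient" before pam_unix, written out as an added example (not a file from this thread or from the Dovecot project). It assumes a Linux-PAM system where Dovecot authenticates under the service name "dovecot" and where pam_ldap is already configured through /etc/ldap.conf; the file path and module options are illustrative.

```text
# /etc/pam.d/dovecot  (hypothetical stack used only by Dovecot; added example)
#
# Control-flag semantics that make this work:
#   sufficient - on success the stack returns immediately and later modules
#                are skipped; on failure the stack simply continues.
#   required   - must succeed for the stack to succeed, but later modules
#                still run so the caller cannot tell which one failed.
#
# Putting pam_ldap first with "sufficient" means a successful LDAP login
# never reaches pam_unix, so LDAP-only users stop producing
# "check pass; user unknown" entries in /var/log/messages.

auth        sufficient    pam_ldap.so
# Local accounts (/etc/passwd, /etc/shadow). use_first_pass reuses the
# password already collected instead of asking the client a second time.
auth        required      pam_unix.so use_first_pass

account     sufficient    pam_ldap.so
account     required      pam_unix.so
```

Two caveats worth knowing when reading the resulting logs. First, the "user unknown" line will still appear for a failed attempt by an LDAP user, because a pam_ldap failure lets the stack fall through to pam_unix; that is the correct outcome and a useful signal, since an account that exists nowhere will now show both modules failing. Second, the "could not open secret file /etc/ldap.secret" message quoted earlier is unrelated to module ordering: pam_ldap reads that file only when rootbinddn is set in /etc/ldap.conf, so either create the file (root-owned, mode 0600, containing the bind password) or remove rootbinddn if a privileged bind is not needed. Dropping the pam_unix lines entirely, as in the separate system-auth-ldap-only file suggested above, removes the noise but also locks local accounts out of that service.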

