[Dovecot] auth issues on centos5 with ldap backend
Jurvis LaSalle
lasalle at idi.harvard.edu
Fri Jun 13 00:31:32 EEST 2008
On Jun 5, 2008, at 3:47 PM, Timo Sirainen wrote:
> On Thu, 2008-06-05 at 12:55 -0400, Jurvis LaSalle wrote:
>> Jun 5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth):
>> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
>> rhost=127.0.0.1 user=validLDAPaccount
>>
>> So the user was logged in, but an error was logged for some reason.
>
> This error comes from PAM. Maybe you have PAM configured to do
> multiple different lookups?
Here's my dovecot PAM conf (I've manually included the include
lines). I tried to comment out the pam_unix.so lines so that only
ldap would be checked, but that made all authentication attempts
fail. I'm not quite sure how to trim this down so only the ldap
accounts are queried. Any PAM experts out there?
[root at borg ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass debug
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow debug
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so debug
session optional pam_ldap.so
Thanks,
JL
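
Added example, not part of the original message and not Dovecot or Linux-PAM code: a small Python model of how the auth lines in the configuration above are evaluated for an LDAP-only account, showing which modules report a failure and whether the login is granted. The module behaviours (pam_unix storing the supplied password for later modules, pam_ldap with use_first_pass never prompting) and the sample passwords are assumptions.

```python
# Constructed model of Linux-PAM "auth" stack evaluation; not Dovecot or PAM code.
# Module outcomes are assumptions for an LDAP-only account with uid >= 500.

def pam_ok(state):      # stands in for pam_nologin, pam_env, pam_succeed_if
    return True

def pam_deny(state):
    return False

def pam_unix(state):
    # Assumed: obtains the password through the conversation function, stores
    # it for later modules, then fails (no usable local shadow entry).
    state["authtok"] = state["typed_password"]
    return False

def pam_ldap_use_first_pass(state):
    # Assumed: never prompts; only tries a password stored by an earlier module.
    return state["authtok"] is not None and state["authtok"] == state["ldap_password"]

AUTH_STACK = [
    ("required", "pam_nologin.so", pam_ok),
    ("required", "pam_env.so", pam_ok),
    ("sufficient", "pam_unix.so", pam_unix),
    ("requisite", "pam_succeed_if.so", pam_ok),
    ("sufficient", "pam_ldap.so", pam_ldap_use_first_pass),
    ("required", "pam_deny.so", pam_deny),
]

def authenticate(stack, typed_password, ldap_password):
    """Walk the stack; return (granted, names of modules that reported failure)."""
    state = {"authtok": None, "typed_password": typed_password,
             "ldap_password": ldap_password}
    failures, required_failed = [], False
    for control, name, module in stack:
        ok = module(state)
        if not ok:
            failures.append(name)
        if ok and control == "sufficient" and not required_failed:
            return True, failures      # stop here, later modules are skipped
        if not ok and control == "requisite":
            return False, failures     # stop here with a failure
        if not ok and control == "required":
            required_failed = True     # keep going, but the result is failure
    return not required_failed, failures

def without(stack, name):
    """Return the stack with one module's line commented out."""
    return [entry for entry in stack if entry[1] != name]
```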