[Dovecot] auth issues on centos5 with ldap backend

Jurvis LaSalle lasalle at idi.harvard.edu
Fri Jun 13 00:31:32 EEST 2008


On Jun 5, 2008, at 3:47 PM, Timo Sirainen wrote:

> On Thu, 2008-06-05 at 12:55 -0400, Jurvis LaSalle wrote:
>> Jun  5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth):
>> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
>> rhost=127.0.0.1 user=validLDAPaccount
>>
>> So the user was logged in, but an error was logged for some reason.
>
> This error comes from PAM. Maybe you have PAM configured to do multiple
> different lookups?


Here's my dovecot PAM conf (I've manually included the include
lines).  I tried to comment out the pam_unix.so lines so that only
ldap would be checked, but that made all authentication attempts
fail.  I'm not quite sure how to trim this down so only the ldap
accounts are queried.  Any PAM experts out there?

[root@borg ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth        required     pam_nologin.so
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass debug
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow debug
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so debug
session     optional      pam_ldap.so


Thanks,
JL
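
Added example, not part of the original message: a minimal Python model of Linux-PAM's simple control keywords (required, requisite, sufficient), run over the auth stack quoted above, showing how pam_unix.so can record a failure while the login still succeeds through pam_ldap.so. The per-module results are constructed assumptions for an account that exists only in LDAP, and bracketed controls such as [success=1 ...] are not modeled.

```python
# Added example: simplified model of Linux-PAM control keywords.
# AUTH_STACK is copied from the post; module results are constructed.
AUTH_STACK = """\
auth        required     pam_nologin.so
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass debug
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
"""

# Constructed scenario: uid >= 500, account present in LDAP only.
LDAP_ONLY_USER = {
    "pam_nologin.so": True, "pam_env.so": True,
    "pam_unix.so": False,          # no local account: failure is logged here
    "pam_succeed_if.so": True, "pam_ldap.so": True,
    "pam_deny.so": False,          # pam_deny always fails
}

def parse(text):
    """Return (control, module) for every non-comment stack line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _type, control, module = line.split()[:3]
        entries.append((control, module))
    return entries

def evaluate(entries, results):
    """Walk the stack in order; return (authenticated, trace of modules run)."""
    required_failed = False
    trace = []
    for control, module in entries:
        ok = results[module]
        trace.append((module, ok))
        if control == "requisite" and not ok:
            return False, trace            # fail immediately
        if control == "required" and not ok:
            required_failed = True         # fail later, keep going
        if control == "sufficient" and ok and not required_failed:
            return True, trace             # succeed immediately
        # a failed "sufficient" module is ignored and the stack continues
    return not required_failed, trace

if __name__ == "__main__":
    ok, trace = evaluate(parse(AUTH_STACK), LDAP_ONLY_USER)
    print("authenticated:", ok)
    for module, result in trace:
        print(f"  {module:20} {'success' if result else 'FAILURE'}")
```
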

