[Dovecot] 1.1.6: PAM passdb/userdb (mis)configuration

Timo Sirainen tss at iki.fi
Tue Jan 13 19:49:47 EET 2009


On Tue, 2009-01-13 at 09:14 +0200, Oved Ben-Aroya wrote:
> > >which work fine, except for Outlook/OL Express users that are asked  
> > >for
> > >their password whenever they "send/receive"...  We've had also  
> > >"passdb shadow"
> > >that somehow "fixed" this
> > 
> > This really makes no sense. Outlook doesn't know if you're using PAM  
> > or shadow. Do you mean that Outlook anyway can successfully log in,  
> > but just asks the password all the time?
> 
> Sorry I was not clear in my description of the problem.
> Yes, users of Outlook log in and read their mail just fine.  However,
> whenever they want to refresh the inbox or send mail, they are presented
> with a login window of Outlook.  With the "passdb shadow" directive that somehow
> crept in, Outlook users were not asked for password after they logged in
> (however this broke the password exiration).  

Well, there is some difference between what PAM and shadow does. Perhaps
PAM starts failing the login after some time? Enable auth_debug=yes and
see what the difference is between when using shadow and pam.

The difference between Outlook/OE and other clients is that they keep
logging out and back in all the time, while other clients typically log
in only once. Perhaps you have a PAM plugin that limits the number of
logins to once every n minutes or something?

> I wonder if we need to enable authentication cache?

It shouldn't be necessary, but if the problem is something like what I
described above then auth cache will probably work around the actual
problem in most cases (but not all).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090113/55c78a30/attachment.bin 


More information about the dovecot mailing list