[Dovecot] Problem with pam/krb5 auth on AIX 5.3
Jonathan Siegle
jsiegle at psu.edu
Wed May 20 20:22:03 EEST 2009
I'm using pam to authenticate users against my krb5 realm. Here is the
problem scenario:
User test2 attempts to login and their password is not expired so
dovecot says:
0 login test2 myfavoritepassword
0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in
1 logout
* BYE Logging out
1 OK Logout completed.
User test1 attempts to login, but their password is expired. So
dovecot says:
0 login test1 myfavoritepassword
0 NO d expired
User test2 attempts to login and their password is not expired. But
dovecot still says:
0 login test2 myfavoritepassword
0 NO d expired
If I kill the pid with name "dovecot-auth -w", user test2 can login
just fine unless I login with the user test1 before trying user test2.
So it seems like something is getting cached. I'm running imap-login
out of inetd, in case that matters.
In my dovecot.conf, I don't have any caching/authentication variables
activated. I don't see anything obvious to type in passdb pam{ } to
type.
For debug, I've enable pam for telnet and tested that without error.
Also, the logs show that test2
This is dovecot revision 9062:694714d59cd9 . Looking at the logs, I
see user test2 authenticate correctly in all instances.
thanks,
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2541 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20090520/959864f2/attachment.bin
More information about the dovecot
mailing list