[Dovecot] authentication problems with pam_mkhomedir

Defenestrate defenestrate at ymail.com
Fri Jul 15 00:19:58 EEST 2011


Hi! I'm struggling with pam_mkhomedir. Accounts are stored in LDAP (CentOS 
Directory Server, AKA 389 Directory Server). I am not pre-creating user home 
directories, and would like to use the pam_mkhomedir module to create the 
directories on the fly when a user is authenticated via pop3s. pam_mkhomedir is 
working for interactive logins (e.g. SSH), but I don't want to require users to 
log in interactively just so their home directory is created.

Dovecot version: 1.0.7

dovecot -n output:

protocols: pop3s
ssl_cert_file: /etc/pki/tls/certs/mail.ourdomain.tld.pem
ssl_key_file: /etc/pki/tls/private/mail.ourdomain.tld.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib64/dovecot/pop3
pop3_client_workarounds: oe-ns-eoh, outlook-no-nuls
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: pam
    args: session=yes dovecot
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf

/etc/pam.d/dovecot:

auth       sufficient   pam_ldap.so
auth       required     pam_deny.so

account    sufficient   pam_ldap.so
account    required     pam_deny.so

password   sufficient   pam_ldap.so use_authtok
password   required     pam_deny.so

session    optional     pam_ldap.so
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022

With the pam_mkhomedir.so line, I see the following in maillog:

Jul 14 16:14:26 mail dovecot: auth(default): client in: AUTH    1       PLAIN   service=POP3    secured lip=xxx.xxx.xxx.xxx      rip=xxx.xxx.xxx.xxx resp=<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): client out: CONT   1
Jul 14 16:14:26 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): new auth connection: pid=25209
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL   1       user=joe.schmoe
Jul 14 16:14:28 mail dovecot: auth(default): client in: AUTH    2       PLAIN   service=POP3    secured lip=xxx.xxx.xxx.xxx  rip=xxx.xxx.xxx.xxx       resp=<hidden>

With the pam_mkhomedir.so line commented out:

Jul 14 16:15:27 mail dovecot: auth(default): client out: CONT   1
Jul 14 16:15:27 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:15:27 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK     1       user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): master in: REQUEST 1       25286   1
Jul 14 16:15:27 mail dovecot: auth(default): ldap(joe.schmoe,xxx.xxx.xxx.xxx): user search: base=ou=People, dc=ourdomain, dc=tld scope=subtree filter=(&(objectClass=posixAccount)(uid=joe.schmoe)) fields=homeDirectory,uidNumber,gidNumber
Jul 14 16:15:27 mail dovecot: auth(default): master out: USER   1       joe.schmoe      home=/home/joe.schmoe   uid=1057        gid=1000
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): Failed to create storage with data: mbox:/home/joe.schmoe/mail:INBOX=/var/spool/mail/joe.schmoe
Jul 14 16:15:27 mail dovecot: child 25292 (pop3) returned error 89
Jul 14 16:15:27 mail dovecot: pop3-login: Login: user=<joe.schmoe>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Jul 14 16:19:05 mail dovecot: auth(default): client in: AUTH    1       PLAIN   service=POP3    secured lip=xxx.xxx.xxx.xxx      rip=xxx.xxx.xxx.xxx       resp=<hidden>

Any Suggestions?

Thank you!
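The two maillog excerpts above show the same login failing at two different stages: once inside PAM (`pam_open_session() failed`) and once after authentication succeeded, when the pop3 process could not create the mail directory under the home directory returned by the LDAP userdb. The following script is an added example, not part of the original post or of Dovecot itself; it parses Dovecot 1.x auth-debug log lines in the format shown above, correlates each `AUTH`/`OK`/`FAIL` exchange by request id, attaches PAM and post-login storage errors to the right attempt, and classifies where each login broke. The sample lines are constructed from the report (tabs collapsed to spaces, IPs redacted), and the regular expressions and stage names are assumptions of this example rather than anything Dovecot defines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the Dovecot 1.x auth-debug line format shown in the
# report (tabs collapsed to spaces, IPs redacted). Request id 1 is reused by
# the second auth connection, exactly as in the original log.
SAMPLE_LOG = """\
Jul 14 16:14:26 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:14:26 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Jul 14 16:15:27 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:15:27 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): master out: USER 1 joe.schmoe home=/home/joe.schmoe uid=1057 gid=1000
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): Failed to create storage with data: mbox:/home/joe.schmoe/mail:INBOX=/var/spool/mail/joe.schmoe
Jul 14 16:15:27 mail dovecot: child 25292 (pop3) returned error 89
"""

# Patterns for the line shapes seen in the report (assumed for this example).
AUTH_RE = re.compile(r"auth\([^)]*\): client in: AUTH\s+(\d+)\s+(\S+)\s+(.*)$")
RESULT_RE = re.compile(r"auth\([^)]*\): client out: (OK|FAIL)\s+(\d+)\s+user=(\S+)")
PAM_RE = re.compile(r"auth\([^)]*\): pam\(([^,]+),[^)]*\): (.*)$")
USER_RE = re.compile(r"auth\([^)]*\): master out: USER\s+\d+\s+(\S+)\s+(.*)$")
POP3_RE = re.compile(r" POP3\(([^)]+)\): (.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Attempt:
    req_id: str
    mechanism: str
    service: Optional[str] = None
    user: Optional[str] = None
    outcome: Optional[str] = None        # "OK", "FAIL", or None if never answered
    home: Optional[str] = None
    uid: Optional[str] = None
    pam_errors: List[str] = field(default_factory=list)
    post_login_errors: List[str] = field(default_factory=list)


def parse_auth_log(text: str) -> List[Attempt]:
    """Correlate auth-debug lines into per-login Attempt records."""
    open_attempts: Dict[str, Attempt] = {}
    finished: List[Attempt] = []
    last_open: Optional[Attempt] = None       # attempt currently inside the PAM stack
    last_by_user: Dict[str, Attempt] = {}     # most recent answered attempt per user
    for line in text.splitlines():
        if m := AUTH_RE.search(line):
            req_id, mech, rest = m.groups()
            # Request ids restart per auth connection; a stale open id is closed unanswered.
            stale = open_attempts.pop(req_id, None)
            if stale is not None:
                finished.append(stale)
            kv = dict(KV_RE.findall(rest))
            last_open = Attempt(req_id=req_id, mechanism=mech, service=kv.get("service"))
            open_attempts[req_id] = last_open
        elif m := RESULT_RE.search(line):
            outcome, req_id, user = m.groups()
            a = open_attempts.pop(req_id, None)
            if a is None:
                continue
            a.outcome, a.user = outcome, user
            finished.append(a)
            last_by_user[user] = a
            last_open = None
        elif m := PAM_RE.search(line):
            user, msg = m.groups()
            if last_open is not None and "failed" in msg:
                last_open.pam_errors.append(msg)
                last_open.user = user
        elif m := USER_RE.search(line):
            user, rest = m.groups()
            kv = dict(KV_RE.findall(rest))
            if (a := last_by_user.get(user)) is not None:
                a.home, a.uid = kv.get("home"), kv.get("uid")
        elif m := POP3_RE.search(line):
            user, msg = m.groups()
            if (a := last_by_user.get(user)) is not None and "failed" in msg.lower():
                a.post_login_errors.append(msg)
    finished.extend(open_attempts.values())
    return finished


def classify(a: Attempt) -> str:
    """Name the stage at which a login broke (stage names are this example's own)."""
    if any(e.startswith("pam_open_session()") for e in a.pam_errors):
        return "pam-session-failure"          # the PAM session stack rejected the login
    if a.outcome == "OK" and a.post_login_errors:
        return "post-login-storage-failure"   # auth passed, mail process could not use home
    if a.outcome == "OK":
        return "success"
    return "auth-failure"


if __name__ == "__main__":
    for a in parse_auth_log(SAMPLE_LOG):
        print(f"req={a.req_id} user={a.user} outcome={a.outcome} home={a.home} "
              f"stage={classify(a)} errors={a.pam_errors + a.post_login_errors}")
```

Run against a real maillog with `auth_debug` and `auth_verbose` enabled, the `pam-session-failure` class separates PAM-stack problems (such as the session module here) from the `post-login-storage-failure` class, where authentication succeeded and the failure belongs to the mail process and the permissions on the home directory tree.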

