Using PAM and passwdfile together

Jim Garrison jhg at jhmg.net
Wed Jul 1 21:14:19 UTC 2015


Dovecot 2.0.9 on CentOS 6.6

I have some local users and some Postfix virtual mailboxes. The config
currently has:

> # 2.0.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
> first_valid_uid = 190
> log_path = /var/log/dovecot.log
> mail_access_groups = mail
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mbox_write_locks = fcntl
> passdb {
>   driver = pam
> }
> passdb {
>   args = scheme=MD5 username_format=%u /etc/dovecot/auth/%d.passwd
>   driver = passwd-file
> }
> protocols = imap pop3
> ssl_ca = </etc/pki/tls/certs/ca-bundle.crt
> ssl_cert = </etc/pki/dovecot/certs/mailcert.pem
> ssl_key = </etc/pki/dovecot/private/mailkey.pem
> ssl_parameters_regenerate = 48
> userdb {
>   driver = passwd
> }
> userdb {
>   args = uid=199 gid=199 home=/var/mail/vhosts/%d/%n mail=mbox:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/mail
>   driver = static
> }

Each time a virtual mailbox user logs in, PAM writes a set of
Authentication Failure messages to /var/log/secure when it attempts
to find the virtual user, which it then successfully authenticates
in the passwd-file.  Is there a way to prevent PAM from logging this
spurious error and have dovecot log an authentication failure only if
BOTH methods fail?

-- 
Jim Garrison (jhg at acm.org)
PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88
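
For anyone monitoring /var/log/secure on a setup like the one above, here is an added example (not part of the original post, and not Dovecot code) that sorts pam_unix failure lines by whether the user is a known virtual user, in which case the PAM line alone does not indicate a failed login. The log lines, hostnames, addresses and the `VIRTUAL_USERS` table (standing in for the `/etc/dovecot/auth/%d.passwd` files) are constructed for illustration.

```python
import re

# Constructed sample of /var/log/secure lines in pam_unix format (made-up users and IPs).
SAMPLE_SECURE = """\
Jul  1 21:10:02 mail auth: pam_unix(dovecot:auth): check pass; user unknown
Jul  1 21:10:02 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=alice@example.com rhost=192.0.2.10
Jul  1 21:11:40 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=bob rhost=192.0.2.44  user=bob
Jul  1 21:12:05 mail auth: pam_unix(dovecot:auth): check pass; user unknown
Jul  1 21:12:05 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=mallory@example.org rhost=198.51.100.7
"""

# Constructed stand-in for the users listed in /etc/dovecot/auth/<domain>.passwd
VIRTUAL_USERS = {"example.com": {"alice", "carol"}}

FAILURE = re.compile(r"pam_unix\(dovecot:auth\): authentication failure;(?P<fields>.*)$")


def parse_fields(text):
    """Split pam_unix 'key=value' pairs; empty values such as 'logname=' are kept."""
    return dict(re.findall(r"(\w+)=(\S*)", text))


def classify(line, virtual_users):
    """Return (verdict, ruser, rhost) for a PAM failure line, or None for other lines."""
    m = FAILURE.search(line)
    if not m:
        return None
    fields = parse_fields(m.group("fields"))
    ruser, rhost = fields.get("ruser", ""), fields.get("rhost", "")
    local, _, domain = ruser.partition("@")
    if domain and local in virtual_users.get(domain, ()):
        # PAM was tried first and cannot know this user; the passwd-file
        # passdb decides, so the real outcome is in Dovecot's own log.
        verdict = "expected-pam-miss"
    elif domain:
        verdict = "unknown-virtual-user"   # in neither PAM nor the passwd-file
    else:
        verdict = "local-failure"          # system account: a genuine PAM failure
    return (verdict, ruser, rhost)


def triage(log_text, virtual_users):
    """Classify every PAM failure line in a block of log text."""
    results = (classify(line, virtual_users) for line in log_text.splitlines())
    return [r for r in results if r]


if __name__ == "__main__":
    for verdict, ruser, rhost in triage(SAMPLE_SECURE, VIRTUAL_USERS):
        print(f"{verdict:22} {ruser:22} {rhost}")
```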

