Hi everybody,
we try to migrate our IMAP service from uw-imap to dovecot because of
horrible server slowdown when a lot of people poking in theirs huge imap
folders.
So, I try to run testing instance of dovecot on different imap port (12143)
I have trouble with authentication by PAM module of MIT Kerberos.
It successfuly works for authentificate users of wu-imap but not for
dovecot. I see in dovecot.log messages like that :
Info: Dovecot v1.0.beta3 starting up
Info: auth(default): client in: AUTH 1 PLAIN service=IMAP
lip=10.0.0.154 rip=10.0.0.148
Info: auth(default): client out: CONT 1
Info: auth(default): client in: CONT 1 AGtDNLamUjvADNLamUjQRsbw= Error:
auth(default): pam(kyyashko,10.0.0.148): Child process died
Info: auth(default): shadow(kyyashko,10.0.0.148): invalid password field
Error: auth(default): PAM: Child 6748 died with signal 11
Info: auth(default): client out: FAIL 1 user=kyyashko temp
Almost all users are in kerberos DB and has in local shadow field
"*KRB*"
instead of encrypted password. So, line "shadow ... invalid password
field"
is OK (when I made a local password in shadow the login was success)
My dovecot.conf looks like:
sl_disable = yes
protocol imap {
listen = *:12143
}
auth_default_realm = FZU.CZ
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth default {
mechanisms = plain
passdb pam {
}
userdb passwd {
}
user = root
}
original /etc/pam.d/dovecot I introdused by lines
auth sufficient pam_krb5.so
auth required pam_unix2.so use_first_pass nullok
or tryed to substitute whole file pam.d/dovecot by actualy working one of imap:
#%PAM-1.0
auth sufficient pam_krb5.so
auth required pam_unix2.so use_first_pass nullok
auth required pam_unix2.so
account required pam_unix2.so
but similary fruitless.
Which direction I have to dig?
P.S. Dovecot was built from dovecot-1.0.beta3-6.src.rpm on SuSE 9.0 with
the same result like from dovecot-1.0.beta3.tar.bz2 :(