Wayne Andersen
2013-Jun-14 15:45 UTC
[Dovecot] Pam authentication failure message but it works
I am running Centos 6.4 64bit.
Dovecot 2.0.9
I am getting the following messages in /var/log/secure, which looks like
the pam authentication is not working but the users are allowed to login
and the system works great.
I am wondering if pam is actually failing and yet the system is getting
the login info from elsewhere, or is this just a nuisance message?
/var/log/secure
Jun 12 23:11:29 smtp auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=christineg
rhost=65.13.54.123 user=christineg
Jun 12 23:11:45 smtp auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=susieg
rhost=70.208.29.109 user=susieg
Jun 12 23:12:03 smtp auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=bobs
rhost=70.59.189.210 user=bobs
In the debug log file I see what looks like a successful connection, but
don't know how to read the two pam lines.
/var/log/dovecot.debug.log
Jun 12 23:11:29 auth: Debug: auth client connected (pid=10098)
Jun 12 23:11:29 auth: Debug: client in: AUTH 1 PLAIN
service=imap lip=206.169.228.24 rip=65.13.54.123 lport=143
rport=54049 resp=AGNocmlzZwBjZzQ4MjUJun 12 23:11:29 auth: Debug:
pam(christineg,65.13.54.123): lookup
service=dovecot
Jun 12 23:11:29 auth: Debug: pam(christineg,65.13.54.123): #1/1 style=1
msg=Password:
Jun 12 23:11:29 auth: Debug: client out: OK 1 user=christineg
Jun 12 23:11:29 auth: Debug: master in: REQUEST 4079353857 10098
1 0229474c9c1038e161328ecd28884af2
Jun 12 23:11:29 auth: Debug: passwd(christineg,65.13.54.123): lookup
Jun 12 23:11:29 auth: Debug: master out: USER 4079353857 christineg
system_groups_user=christineg uid=1116 gid=100 home=/home/christineg
Jun 12 23:11:29 imap(christineg): Debug: Effective uid=1116, gid=100,
home=/home/christineg
Jun 12 23:11:29 imap(christineg): Debug: maildir++:
root=/home/christineg/Maildir, index=, control=,
inbox=/home/christineg/Maildir
Jun 12 23:11:44 auth: Debug: auth client connected (pid=10100)
Jun 12 23:11:45 auth: Debug: client in: AUTH 1 PLAIN
service=imap lip=206.169.228.24 rip=70.208.29.109
lport=143 rport=14107
Jun 12 23:11:45 auth: Debug: client out: CONT 1
Jun 12 23:11:45 auth: Debug: client in: CONT 1
AHJpY2hhcmRnQGNsaW1hLXRlY2guY29tAHJnMzgyMg=Jun 12 23:11:45 auth: Debug:
pam(susieg,70.208.29.109): lookup
service=dovecot
Jun 12 23:11:45 auth: Debug: pam(susieg,70.208.29.109): #1/1 style=1
msg=Password:
Jun 12 23:11:45 auth: Debug: client out: OK 1 user=susieg
Jun 12 23:11:45 auth: Debug: master in: REQUEST 3368157185 10100
1 5a8d4b15a417d0bc4d2f818c5a5710f0
Jun 12 23:11:45 auth: Debug: passwd(susieg,70.208.29.109): lookup
Jun 12 23:11:45 auth: Debug: master out: USER 3368157185 susieg
system_groups_user=susieg uid=1087 gid=100 home=/home/susieg
Jun 12 23:11:45 imap(susieg): Debug: Effective uid=1087, gid=100,
home=/home/susieg
Jun 12 23:11:45 imap(susieg): Debug: maildir++:
root=/home/susieg/Maildir, index=, control=, inbox=/home/susieg/Maildir
Jun 12 23:12:03 auth: Debug: auth client connected (pid=10104)
Jun 12 23:12:03 auth: Debug: auth client connected (pid=10105)
Jun 12 23:12:03 auth: Debug: client in: AUTH 1 PLAIN
service=imap lip=206.169.228.24 rip=70.59.189.210
lport=143 rport=38705
Jun 12 23:12:03 auth: Debug: client out: CONT 1
Jun 12 23:12:03 auth: Debug: client in: CONT 1
AGJyZW5kb25jQGNsaW1hLXRlY2guY29tAGJjMTU1NA=Jun 12 23:12:03 auth: Debug:
pam(bobs,70.59.189.210): lookup service=dovecot
Jun 12 23:12:03 auth: Debug: pam(bobs,70.59.189.210): #1/1 style=1
msg=Password:
Jun 12 23:12:03 auth: Debug: client out: OK 1 user=bobs
Jun 12 23:12:03 auth: Debug: master in: REQUEST 709623809 10104
1 0c261d849b956bf9cb5c0833b498bb97
Jun 12 23:12:03 auth: Debug: passwd(bobs,70.59.189.210): lookup
Jun 12 23:12:03 auth: Debug: master out: USER 709623809 bobs
system_groups_user=bobs uid=1188 gid=100 home=/home/bobs
Jun 12 23:12:03 imap(bobs): Debug: Effective uid=1188, gid=100,
home=/home/bobs
Jun 12 23:12:03 imap(bobs): Debug: maildir++: root=/home/bobs/Maildir,
index=, control=, inbox=/home/bobs/Maildir
/etc/pam.d/dovecot
#%PAM-1.0
auth required pam_nologin.so
auth include password-auth
account include password-auth
session include password-auth
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %n
auth_verbose = yes
debug_log_path = /var/log/dovecot.debug.log
disable_plaintext_auth = no
hostname = mail.mydomain.com
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_debug = yes
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date
mbox_write_locks = fcntl
passdb {
args = failure_show_msg=yes
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
postmaster_address = postmaster at mydomain.com
protocols = imap pop3 lmtp sieve
sendmail_path = /usr/sbin/sendmail.postfix
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
ssl_cert = </etc/postfix/mail.mydomain.crt
ssl_key = </etc/postfix/mail.mydomain.key
userdb {
driver = passwd
}
protocol lmtp {
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = " sieve"
}
protocol pop3 {
pop3_save_uidl = no
pop3_uidl_format = %08Xu%08Xv
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: waynea.vcf
Type: text/x-vcard
Size: 281 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20130614/e84fe9ba/attachment.vcf>
Possibly Parallel Threads
Wisdom of the Ancients
