Sahil Tandon
2008-Jul-27 22:24 UTC
[Dovecot] odd pam_authenticate() failed: authentication error followed by successful imap-login
I am seeing the following errors in my log:
Jul 27 18:14:23 aegis dovecot: auth-worker(default_with_listener):
pam(user at host.org,74.72.46.170): pam_authenticate() failed: authentication
error
Jul 27 18:14:23 aegis dovecot: imap-login: Login: user=<user at host.org>,
method=PLAIN, rip=74.72.46.170, lip=206.251.255.39, TLS
This happens *only* for virtual users; local UNIX users authenticate without
that first error. However, all users are able to view mail, but that
default_with_listener (which I setup just so Postfix could use dovecot to
authenticate SASL senders) error only occurs for virtual users. Why is
default_with_listener getting involved when users are trying to connect to
dovecot directly without any involvement of Postfix? Non-default
configuration parameters below; thanks for any hints.
# dovecot -n
# 1.1.1: /usr/local/etc/dovecot.conf
listen: 127.0.0.1:143
ssl_listen: *:993
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_gid: 0
mail_privileged_group: mail
mail_location: maildir:~/Maildir
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
tb-extra-mailbox-sep
auth default_with_listener:
mechanisms: plain login digest-md5
passdb:
driver: pam
passdb:
driver: passwd-file
args: /usr/local/etc/dovecot/passwd
userdb:
driver: passwd
userdb:
driver: passwd-file
args: /usr/local/etc/dovecot/users
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
auth default:
mechanisms: plain digest-md5
passdb:
driver: passwd-file
args: /usr/local/etc/dovecot/passwd
passdb:
driver: pam
userdb:
driver: passwd-file
args: /usr/local/etc/dovecot/users
userdb:
driver: passwd
--
Sahil Tandon <sahil at tandon.net>
Sahil Tandon
2008-Jul-27 23:05 UTC
[Dovecot] odd pam_authenticate() failed: authentication error followed by successful imap-login [solved]
Sahil Tandon <sahil at tandon.net> wrote:> I am seeing the following errors in my log: > > Jul 27 18:14:23 aegis dovecot: auth-worker(default_with_listener): > pam(user at host.org,74.72.46.170): pam_authenticate() failed: authentication > error > Jul 27 18:14:23 aegis dovecot: imap-login: Login: user=<user at host.org>, > method=PLAIN, rip=74.72.46.170, lip=206.251.255.39, TLS[...]> # dovecot -n > # 1.1.1: /usr/local/etc/dovecot.conf > listen: 127.0.0.1:143 > ssl_listen: *:993 > login_dir: /var/run/dovecot/login > login_executable: /usr/local/libexec/dovecot/imap-login > verbose_proctitle: yes > first_valid_gid: 0 > mail_privileged_group: mail > mail_location: maildir:~/Maildir > imap_client_workarounds: delay-newmail outlook-idle netscape-eoh > tb-extra-mailbox-sep > auth default_with_listener: > mechanisms: plain login digest-md5 > passdb: > driver: pam > passdb: > driver: passwd-file > args: /usr/local/etc/dovecot/passwdI guess order matters. Once I set the virtual user database to be queried before pam, the error is gone. Are there any side effects which I might not be considering? Thanks. [...] -- Sahil Tandon <sahil at tandon.net>