thr3ads.net - dovecot - [Dovecot] PAM Authentication issues with Dovecot [Jan 2006]

If this information is useful, please help other people find it:
Share via:

david.kolts at entouch.net

2006-Jan-12 21:00 UTC

[Dovecot] PAM Authentication issues with Dovecot

<pre>I have a machine with the follow specs.<br /><br />Linux
hermes.business.com 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005<br
/>i686 i686 i386 GNU/Linux<br /><br />pam-0.79-8<br
/>dovecot-0.99.14-4.fc4<br /><br />No one is able to receive
e-mails due to authentication failures and yesterday afternoon<br />they
were able to.<br /><br />I tried the following command directly from
the server and got the following results:<br /><br />[root@hermes
log]# telnet localhost 110<br />Trying 127.0.0.1...<br />Connected
to localhost.localdomain (127.0.0.1).<br />Escape character is
'^]'.<br />+OK dovecot ready.<br />USER user1<br
/>+OK<br />PASS ****************<br />-ERR Authentication
failed.<br /><br />I checked the /var/log/messages file and saw the
following:<br /><br />Jan 12 11:25:41 hermes unix_chkpwd[4601]:
check pass; user unknown<br />Jan 12 11:25:41 hermes
dovecot(pam_unix)[4600]: authentication failure; logname=<br />uid=0
euid=0 tty= ruser= rhost=  user=[user2]<br />Jan 12 11:33:50 hermes
unix_chkpwd[4718]: check pass; user unknown<br />Jan 12 11:33:50 hermes
dovecot(pam_unix)[4717]: authentication failure; logname=<br />uid=0
euid=0 tty= ruser= rhost=  user=[user1]<br /><br />Here is my
/etc/pam.d/dovecot file<br /><br />#%PAM-1.0<br />auth      
required     pam_nologin.so<br />auth       required     pam_stack.so
service=system-auth<br />account    required     pam_stack.so
service=system-auth<br />session    required     pam_stack.so
service=system-auth<br /><br />Any suggestions where to look to
resolve the authentication issue?<br /><br />Thanks,<br
/><br />David Kolts</pre><BR>

Udo Rader

2006-Jan-12 21:17 UTC

head link

[Dovecot] PAM Authentication issues with Dovecot

Am Donnerstag, den 12.01.2006, 16:00 -0500 schrieb
david.kolts at entouch.net:> Here is my /etc/pam.d/dovecot file
> 
> #%PAM-1.0
> auth       required     pam_nologin.so
> auth       required     pam_stack.so service=system-auth
> account    required     pam_stack.so service=system-auth
> session    required     pam_stack.so service=system-auth
well, the interesting part now is what is in the system-auth file.

regards

Udo Rader

BestSolution.at GmbH
http://www.bestsolution.at

david.kolts at entouch.net

2006-Jan-12 21:21 UTC

head link

[Dovecot] PAM Authentication issues with Dovecot

<p>Udo,</p><p>&nbsp;</p><p>Here is my
/etc/pam.d/system-auth file.</p><p><p><br
/>#%PAM-1.0<br /># This file is auto-generated.<br /># User
changes will be destroyed the next time authconfig is run.<br
/>auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_env.so<br
/>auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
sufficient&nbsp;&nbsp;&nbsp; /lib/security/$ISA/pam_unix.so likeauth
nullok<br
/>auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_deny.so<br /><br
/>account&nbsp;&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_unix.so<br
/>account&nbsp;&nbsp;&nbsp;&nbsp;
sufficient&nbsp;&nbsp;&nbsp; /lib/security/$ISA/pam_succeed_if.so
uid < 100 quiet<br />account&nbsp;&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_permit.so<br /><br
/>password&nbsp;&nbsp;&nbsp;
requisite&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_cracklib.so retry=3<br
/>password&nbsp;&nbsp;&nbsp;
sufficient&nbsp;&nbsp;&nbsp; /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow<br />password&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_deny.so<br /><br
/>session&nbsp;&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_limits.so<br
/>session&nbsp;&nbsp;&nbsp;&nbsp;
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
/lib/security/$ISA/pam_unix.so<br
/></p></p><p><p><br />Any
ideas?</p><p>&nbsp;</p><p>Regards,</p></p><p>&nbsp;</p><p>Dave<br
/><br /><strong>On Thu Jan 12 16:17 , Udo Rader  sent:<br
/><br /></strong><blockquote style="border-left: 2px
solid rgb(245, 245, 245); margin-left: 5px; margin-right: 0px; padding-left:
5px; padding-right: 0px;">Am Donnerstag, den 12.01.2006, 16:00 -0500
schrieb<br />

<a
href="javascript:top.opencompose('david.kolts@entouch.net','','','')">david.kolts@entouch.net</a>:<br
/>
> Here is my /etc/pam.d/dovecot file<br />
> <br />
> #%PAM-1.0<br />
> auth       required     pam_nologin.so<br />
> auth       required     pam_stack.so service=system-auth<br />
> account    required     pam_stack.so service=system-auth<br />
> session    required     pam_stack.so service=system-auth<br />
<br />

well, the interesting part now is what is in the system-auth file.<br />

<br />

regards<br />

<br />

Udo Rader<br />

<br />

BestSolution.at GmbH<br />

<a target="_blank"
href="../parse.pl?redirect=http%3A%2F%2Fwww.bestsolution.at">http://www.bestsolution.at</a><br
/>

<br />

<br />

</blockquote></p><BR>

david.kolts at entouch.net

2006-Jan-12 23:03 UTC

head link

[Dovecot] PAM Authentication issues with Dovecot

<p>I am able to successfully log on using " su -
username".</p><p>[root@hermes etc]# su - user1<br
/>[user1@hermes ~]$ su - user1<br />Password:<br />[user1@hermes
~]$ su - user2<br />Password:<br />[user2@hermes ~]$ su -
user3<br />Password:<br />[user3@hermes ~]$
</p><p>&nbsp;<br /><br />&nbsp;<br
/><br /><br /><br /><br /> <br /><br
/><strong>On Thu Jan 12 16:35 , Udo Rader  sent:<br /><br
/></strong><blockquote style="border-left: 2px solid rgb(245,
245, 245); margin-left: 5px; margin-right: 0px; padding-left: 5px;
padding-right: 0px;">Am Donnerstag, den 12.01.2006, 16:21 -0500
schrieb<br />

<a
href="javascript:top.opencompose('david.kolts@entouch.net','','','')">david.kolts@entouch.net</a>:<br
/>
> Udo,<br />
> <br />
>  <br />
> <br />
> Here is my /etc/pam.d/system-auth file.<br />
> <br />
> <br />
> #%PAM-1.0<br />
> # This file is auto-generated.<br />
> # User changes will be destroyed the next time authconfig is run.<br
/>
> auth        required      /lib/security/$ISA/pam_env.so<br />
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth<br
/>
> nullok<br />
> auth        required      /lib/security/$ISA/pam_deny.so<br />
> <br />
> account     required      /lib/security/$ISA/pam_unix.so<br />
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid
<<br />
> 100 quiet<br />
> account     required      /lib/security/$ISA/pam_permit.so<br />
> <br />
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3<br
/>
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok<br />
> use_authtok md5 shadow<br />
> password    required      /lib/security/$ISA/pam_deny.so<br />
> <br />
> session     required      /lib/security/$ISA/pam_limits.so<br />
> session     required      /lib/security/$ISA/pam_unix.so<br />
> <br />
> <br />
> <br />
> Any ideas?<br />
<br />

Hmm, that doesn't look different from mine. <br />

<br />

The log message you get shows that unix_chkpwd is called to verify the<br
/>

given password and that again means that all the mail users have to be<br
/>

stored in /etc/passwd and /etc/shadow.<br />

<br />

Jan 12 11:25:41 hermes unix_chkpwd[4601]: check pass; user unknown<br />

<br />

Can you su - $USER (if the user has a valid login shell)?<br />

<br />

regards<br />

<br />

Udo<br />

<br />

-- <br />

BestSolution.at GmbH<br />

<a target="_blank"
href="../parse.pl?redirect=http%3A%2F%2Fwww.bestsolution.at">http://www.bestsolution.at</a><br
/>

<br />

</blockquote></p><BR>

Possibly Parallel Threads

Search for more apparently analagous threads

dovecot - Jan 2006 - PAM Authentication issues with Dovecot

[Dovecot] PAM Authentication issues with Dovecot

[Dovecot] PAM Authentication issues with Dovecot

[Dovecot] PAM Authentication issues with Dovecot

[Dovecot] PAM Authentication issues with Dovecot

Possibly Parallel Threads