Oved Ben-Aroya
2009-Jan-12 07:28 UTC
[Dovecot] 1.1.6: PAM passdb/userdb (mis)configuration
I'm sure I'm missing something obvious :-(
Dovecot version 1.1.6, PAM authentication via LDAP (OpenLDAP). Basically,
we use:
passdb pam
userdb passwd
which works fine, except for Outlook/OL Express users that are asked for their password whenever they "send/receive"... We've had also "passdb shadow" that somehow "fixed" this but allowed also users with expired passwords to log in :-( re-added for now, until the correct configuration is achieved).
Here is the output of dovecot -n:
# 1.1.6: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.9-55.ELsmp x86_64 Red Hat Enterprise Linux AS release 4 (Nahant Update 7)
info_log_path: /var/log/dovecot
protocols: imap imaps pop3 pop3s
listen(default): *
listen(imap): *
listen(pop3): *:110
ssl_listen(default):
ssl_listen(imap):
ssl_listen(pop3): *:995
ssl_ca_file: /usr/local/etc/dovecot/certs/IPS-IPSCABUNDLE.CRT
ssl_cert_file: /usr/local/etc/dovecot/certs/dovecot.pem
ssl_key_file: /usr/local/etc/dovecot/private/dovecot.pem
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
first_valid_uid: 50
mail_debug: yes
mail_full_filesystem_access: yes
mmap_disable: yes
lock_method: dotlock
mbox_read_locks: dotlock
mbox_write_locks: dotlock
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
type: private
separator: /
prefix: mail/
location: mbox:%h/mail
list: yes
subscriptions: yes
namespace:
type: private
separator: /
location: maildir:%h/Maildir:INDEX=/var/dovecot/index/%u:CONTROL=/var/dovecot/control/%u
inbox: yes
list: yes
subscriptions: yes
auth default:
verbose: yes
debug: yes
worker_max_request_count: 10
passdb:
driver: pam
args: dovecot
passdb:
driver: shadow
userdb:
driver: passwd
args: blocking=yes
Thank you for your help.
--
\Oved
Dr. Oved Ben-Aroya, Head Unix group, Taub Computer Center, Technion
Phone: +972 (4) 829 3688 FAX: +972 (4) 823 6212
oved at technion.ac.il PGP key at http://tx.technion.ac.il/~oved/pgp/pubkey
PGP Key fingerprint: A9 52 46 04 E8 70 41 99 60 E3 DA 8F BA 39 C2 C8
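An added example, not part of the original post or of Dovecot: a small check over `dovecot -n` output that flags a non-PAM passdb listed after `passdb pam`. Dovecot tries passdbs in the order listed, so a login that PAM refuses is retried against the later one, which matches the expired-password logins described in the post. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the auth section of the `dovecot -n` output in the post,
# flattened (indentation lost) exactly as it appears there.
SAMPLE = """\
auth default:
verbose: yes
passdb:
driver: pam
args: dovecot
passdb:
driver: shadow
userdb:
driver: passwd
args: blocking=yes
"""

def db_chain(text):
    """Return [(kind, driver), ...] for each passdb/userdb block, in order."""
    chain, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()          # tolerate indented or flattened output
        if line in ("passdb:", "userdb:"):
            kind = line[:-1]        # a new block starts; wait for its driver
            continue
        m = re.fullmatch(r"driver:\s*(\S+)", line)
        if m and kind:
            chain.append((kind, m.group(1)))
            kind = None
    return chain

def fallback_findings(text):
    """Flag every non-PAM passdb listed after a pam passdb."""
    passdbs = [drv for kind, drv in db_chain(text) if kind == "passdb"]
    if "pam" not in passdbs:
        return []
    later = passdbs[passdbs.index("pam") + 1:]
    return [
        f"passdb {drv} follows passdb pam: a login that PAM refuses "
        f"is retried against {drv}"
        for drv in later if drv != "pam"
    ]

if __name__ == "__main__":
    print(db_chain(SAMPLE))
    for finding in fallback_findings(SAMPLE):
        print("WARN:", finding)
```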
On Jan 12, 2009, at 2:28 AM, Oved Ben-Aroya wrote:
> which work fine, except for Outlook/OL Express users that are asked for
> their password whenever they "send/receive"... We've had also
> "passdb shadow"
> that somehow "fixed" this
This really makes no sense. Outlook doesn't know if you're using PAM or shadow. Do you mean that Outlook anyway can successfully log in, but just asks the password all the time?