search for: pam_authenticate

Should pam_setcred() be called if pam_authenticate() wasn't called? I would say not; both of these functions are in the authenticate part of pam. It seems the the 'auth' part of pam config controls which modules get called, so if you didn't to _authenticate() you shouldn't do _setcred(). thx /fc

...ing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the moment, if we're doing challenge-response then pam_authenticate is happening in the PAM "thread", so the pam_h we call pam_setcred with isn't the one that we called pam_authenticate with. The pam_h the main process is using at this stage seems to be the one created in sshpam_init_authctx (or mm_init_auth_ctx with privsep) and hasn't had pam_au...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any way to disable logging of failures during pam_authenticate? I ask because OpenSSH is currently generating an extra "authentication failure..." message at each login. The problem is that OpenSSH likes to try a blank password attempting any other authentication. This is a shortcut for anonymous SSH servers (e.g. OpenBSD's CVS repositories). I...

Hello, I would like to ask for your help. I have noticed some error messages issued by dovecot. Mar 13 20:00:57 relay dovecot: auth-worker(default): pam(example at example.com): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?) Not surprisingly $ l /etc/pam.d/dovecot ls: /etc/pam.d/dovecot: No such file or directory The funny thing is that authentication does work but I guess I have something misconfigured. I'd appreciate if you could help me. I am on a F...

...his looks like a botnet attack. I got a similar probe a couple days ago. Is anyone else seeing these? The attack involves trying about 20 different names, about 3-4 seconds apart. Here's a few sample log lines: dovecot: Aug 15 04:15:45 Error: auth-worker(default): pam(mike,216.31.146.19): pam_authenticate() failed: User not known to the underlying authentication module dovecot: Aug 15 04:15:49 Error: auth-worker(default): pam(alan,216.31.146.19): pam_authenticate() failed: User not known to the underlying authentication module dovecot: Aug 15 04:15:53 Error: auth-worker(default): pam(info,216.31...

...gt;moving their .ssh directory, removing their account home directory, etc, >etc, is there some 'nicer' way to inform ssh that the account is now locked >and thus to not allow them to login? The pam_unix.so module doesn't check for *LK* in pam_acct_mgmt since it was assuming that pam_authenticate() had been called already - in those cases it would fail. If however you are using publickey authentication rather than going through PAM with a password pam_acct_mgmt is called without first going to pam_authenticate(). This has been fixed in the new pam modules for Solaris 9 where pam_unix_acc...

...mail/shadow.%d } userdb passwd-file { # Path for passwd-file args = /etc/vmail/passwd.%d } socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } } } dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark at marxmail.net,64.81.213.137): pam_authenticate() failed: Authentication failure dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark at marxmail.net,64.81.213.137): unknown user dovecot: Jun 28 07:18:57 Info: auth(default): client in: AUTH 6 PLAIN service=IMAP secured lip=69.50.231.8rip=64.81.213.137 resp=AG1hcmt...

Testing installation of Dovecot. Log is showing two errors. Any ideas how to fix this thing??? dovecot: May 07 05:19:06 Error: auth-worker(default): pam(Yoda,127.0.0.1): pam_authenticate() failed: User not known to the underlying authentication module dovecot: May 07 05:21:48 Error: IMAP(Yoda): open() failed with mbox file /var/mail/Yoda: Permission denied Here's the dovecot.conf file # 1.1.rc4: /usr/local/etc/dovecot.conf base_dir: /var/run/dovecot/ log_path: /var/log/doveco...

...ot: Dec 17 10:32:13 Info: Dovecot v1.0.alpha5 starting up dovecot: Dec 17 10:32:33 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=172.16.0.41 rip=172.16.0.41 resp=AG1kcGV0ZXJzAEhhY2tlcmphYzY3QA== dovecot: Dec 17 10:32:33 Info: auth(default): pam(myname@mydomain.com,172.16.0.41): pam_authenticate() failed: No account present for user dovecot: Dec 17 10:32:35 Info: auth(default): client out: FAIL 1 user=myname@mydomain.com dovecot: Dec 17 10:32:39 Info: imap-login: Aborted login: user=<myname@mydomain.com>, method=PLAIN, rip=172.16.0.41, lip=172.16.0.41 -- Best regards, Michael

...=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AGoucnVpc0BtZXJreC12ZXJrZXJrLm5sAGJsb2VtMDEh dovecot: Sep 30 09:56:17 Info: auth(default): pam(j.ruis at merkx-verkerk.nl,127.0.0.1): lookup service=dovecot dovecot: Sep 30 09:56:17 Info: auth(default): pam(j.ruis at merkx-verkerk.nl,127.0.0.1): pam_authenticate() failed: Authentication failed dovecot: Sep 30 09:56:18 Info: auth(default): client out: FAIL 1 user=j.ruis at merkx-verkerk.nl dovecot: Sep 30 09:56:18 Info: imap-login: Disconnected: user=<j.ruis at merkx-verkerk.nl>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured this login a...

I'm having the same problem.... Did anyone find a solution? -- Geoff -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20060512/64e2b38c/attachment-0001.html>

https://bugzilla.mindrot.org/show_bug.cgi?id=1794 Summary: sshd segfault when calling pam_authenticate() in pam_unix module which has option "try_first_pass" Product: Portable OpenSSH Version: 5.5p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: critical Priority: P2 Component: PAM...

...&& options.permit_empty_passwd == 0) return 0; disallows a login to an empty password account by providing empty password. However if the user provides a random non-empty password the user is able to login to an account that has empty password. This is because the "pam_authenticate" function which is called from "do_pam_authenticate" is always called with "flags" set to "0". If the system PAM authentication configuration is tightened this can be disallowed. However, since users rely on the SSH configuration this non-intuitive...

...indexpvt=, control=/home/popusers/usertest/mail/control, inbox=/var/spool/mail/usertest, alt= Jan 17 12:42:12 mail04 dovecot: imap(usertest): Debug: Drafts: Mailbox opened because: SELECT Jan 17 12:42:14 mail04 dovecot: auth-worker(13400): pam(usertest,192.168.10.219,<fLyv4qV/DNfAqArb>): pam_authenticate() failed: Authentication failure (password mismatch?) Jan 17 12:42:22 mail04 dovecot: auth-worker(13400): pam(usertest,192.168.10.219,<fLyv4qV/DNfAqArb>): pam_authenticate() failed: Authentication failure (password mismatch?) Jan 17 12:42:25 mail04 dovecot: auth-worker(13400): pam(usertes...

...ious about. Just as the docs mention, we also use "syslog_facility = mail" for logging. Unlike in the past, failed PAM auth attempts are now getting logged as mail.error: Nov 24 08:34:34 xxx.xxx.xxx.xxx dovecot: [ID 107833 mail.error] auth-worker(default): pam(dhalik,xxx.xxx.xxx.xxx): pam_authenticate() failed: Authentication failed Is there a reason for this, or a way to configure this behavior? mail.error is a little harsh for pam auth failures and I would think that the auth channel would be used instead similar to other processes (sshd, courier, etc) I'd like to continue using the m...

...RTTLS AUTH=PLAIN AUTH=ANONYMOUS . OK Capability completed. . AUTHENTICATE ANONYMOUS + . OK Logged in. But with Outlook it's not working at all. I tried using no password, or just some random stream, it makes no difference. The error I got in dovecot's logs are: Feb 07 12:31:16 Info: PAM: pam_authenticate(anonymous) failed: Authentication failure Feb 07 12:31:19 Info: PAM: pam_authenticate(anonymous) failed: Authentication failure Feb 07 12:31:28 Info: PAM: pam_authenticate(anonymous) failed: Authentication failure My assumption is that Outlook doesn't provide anonymous IMAP support. Could some...

Hi! I'm using Openssh v3.5p1 with Solaris 8 compiled with pam support enabled. It seems that if I use public key authentication I can log in to an account that is locked (/etc/shadow has *LK* as password). Login is also allowed even if the user does not have a valid shell. Is this a bug or am I missing something? -- Osmo Paananen

...PLAIN service=POP3 lip=192.168.1.2 rip=212.98.201.1 resp=<hidden> dovecot: Jun 07 16:05:45 Info: auth(default): client out: CONT 1 dovecot: Jun 07 16:05:45 Info: auth(default): client in: CONT<hidden> dovecot: Jun 07 16:05:45 Info: auth(default): pam(kabuto,212.98.201.1): pam_authenticate() failed: Authentication failure dovecot: Jun 07 16:05:46 Info: auth(default): client out: FAIL 1 user=kabuto dovecot: Jun 07 16:05:47 Info: auth(default): client in: AUTH 2 PLAIN service=POP3 lip=192.168.1.2 rip=212.98.201.1 resp=<hidden> dovecot: Jun 07 16:05:47...

On 07 Apr 2016, at 19:02, Mobile Phone <cell at eceb.co.uk> wrote: > > pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication > failure (password mismatch?) (given password: YesThisWasTheCorrectPassword) .. > Why it this bouncing 25% + of IMAP AUTH LOGINs? PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things. Maybe you have enabled some P...

...fect for the application calling any pam_* function is not specified. For Kerberos it will work just fine if called as the PAM_USER but for Secure RPC creds that get established in pam_unix on Solaris there are some times that the euid needs to be root. Also for doing getspnam lookups to statisfy pam_authenticate when using /etc/shadow. >But none of this is documented! Agreed the docs do not specify the level of privilege required by the application for calling pam_* functions. In someways I think it should be upto the modules to document what they need but I also think this could break the abstractio...