search for: pam_authentication

Should pam_setcred() be called if pam_authenticate() wasn't called? I would say not; both of these functions are in the authenticate part of pam. It seems the the 'auth' part of pam config controls which modules get called, so if you didn't to _authenticate() you shouldn't do _setcred(). thx /fc

Dear all, I've been looking into hacking with some PAM modules, and thought I could learn from the OpenSSH source (it's probably the closest thing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any way to disable logging of failures during pam_authenticate? I ask because OpenSSH is currently generating an extra "authentication failure..." message at each login. The problem is that OpenSSH likes to try a blank password attempting any other authentication. This is a shortcut for anonymous SSH servers (e.g. OpenBSD's

Hello, I would like to ask for your help. I have noticed some error messages issued by dovecot. Mar 13 20:00:57 relay dovecot: auth-worker(default): pam(example at example.com): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?) Not surprisingly $ l /etc/pam.d/dovecot ls: /etc/pam.d/dovecot: No such file or directory The funny thing is that authentication does work

I'm seeing strings of failed POP3 login attempts with obvious bogus usernames coming from different IP addresses. Today's originated from 216.31.146.19 (which resolves to neovisionlabs.com). This looks like a botnet attack. I got a similar probe a couple days ago. Is anyone else seeing these? The attack involves trying about 20 different names, about 3-4 seconds apart. Here's a

>Using OpenSSH 3.1p1 on a Sun Solaris 7 box, I disabled an account using the >'passwd -l ...' command to lock the users password. However, the user can >still access the system via ssh. Whilst I could do other things such as >moving their .ssh directory, removing their account home directory, etc, >etc, is there some 'nicer' way to inform ssh that the account is now

Works great with all the beta versions. I installed RC1 and get massive authentication failures. auth_debug_passwords = yes auth_master_user_separator=* auth default_with_listener { mechanisms = plain passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes #pass =yes } passdb passwd-file { # Path for passwd-file

Testing installation of Dovecot. Log is showing two errors. Any ideas how to fix this thing??? dovecot: May 07 05:19:06 Error: auth-worker(default): pam(Yoda,127.0.0.1): pam_authenticate() failed: User not known to the underlying authentication module dovecot: May 07 05:21:48 Error: IMAP(Yoda): open() failed with mbox file /var/mail/Yoda: Permission denied Here's the dovecot.conf file #

Obviously I have an account. This is Solaris 10. I have been tinkering with the /etc/pam.conf without success. Does anyone have a solution? I have this currently in the pam.conf. dovecot auth required pam_passwd_auth.so.1 try_first_pass dovecot account required pam_unix_account.so.1 I have tried: dovecot auth required pam_unix_account.so.1 nullok dovecot account

Hi List, I have a problem with auth for just one user: dovecot: Sep 30 09:56:16 Info: auth(default): new auth connection: pid=3809 dovecot: Sep 30 09:56:17 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AGoucnVpc0BtZXJreC12ZXJrZXJrLm5sAGJsb2VtMDEh dovecot: Sep 30 09:56:17 Info: auth(default): pam(j.ruis at

I'm having the same problem.... Did anyone find a solution? -- Geoff -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20060512/64e2b38c/attachment-0001.html>

https://bugzilla.mindrot.org/show_bug.cgi?id=1794 Summary: sshd segfault when calling pam_authenticate() in pam_unix module which has option "try_first_pass" Product: Portable OpenSSH Version: 5.5p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: critical Priority: P2

The auth-pam.c of sshd server contains a small flaw that allows empty password logins even if "PermitEmptyPasswords" option in the sshd config file is set to "no". The scenario is as follows: Using ssh the user tries to logon to the machine using an account that has empty password. If the user presses enter on the password prompt (NULL password) access is

When I open the mail client (thunderbird), I can access the mailboxes and all of a sudden, I am loosing the authenticated session. Any idea's where to look? Jan 17 12:42:04 mail04 dovecot: imap-login: Login: user=<usertest>, method=PLAIN, rip=192.168.10.219, lip=192.168.10.44, mpid=13403, TLS, session=<NsYo4qV/CNfAqArb> Jan 17 12:42:04 mail04 dovecot: imap(usertest): Debug:

Hello all, Following the Dovecot wiki and migration help, we recently migrated our core IMAP systems from Courier to Dovecot on Solaris. So far it's been working great, but I have one issue that I'm curious about. Just as the docs mention, we also use "syslog_facility = mail" for logging. Unlike in the past, failed PAM auth attempts are now getting logged as mail.error: Nov

Hello guys, I'm trying to setup anonymous IMAP login on a bunch of Outlook clients, but it doesn't seems to work. I'm using dovecot-0.99.14-r1, on a Gentoo Linux OS. Using command line anonymous login, it's working just fine: youri / # telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK dovecot ready. . CAPABILITY *

Hi! I'm using Openssh v3.5p1 with Solaris 8 compiled with pam support enabled. It seems that if I use public key authentication I can log in to an account that is locked (/etc/shadow has *LK* as password). Login is also allowed even if the user does not have a valid shell. Is this a bug or am I missing something? -- Osmo Paananen

Hi, I have a login issue. I do everything I can think of, but can't login. My .conf file is at http://kabuto.kunduz.org/dovecot.conf and I make slight changes everytime I try a new thing. I last set disable_plaintext_auth to yes and when I try to login using Thunderbird, I get *Code:* Sending of username did not succeed. Mail server mail.somedomain.org responded: Plaintext

On 07 Apr 2016, at 19:02, Mobile Phone <cell at eceb.co.uk> wrote: > > pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication > failure (password mismatch?) (given password: YesThisWasTheCorrectPassword) .. > Why it this bouncing 25% + of IMAP AUTH LOGINs? PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things.

>Neither the Sun PAM documentation nor the Linux-PAM documentation >describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail. I would agree it is vague, but then that is also a problem with the XSSO document (http://www.opengroup.org/onlinepubs/008329799/) >Could we please have a clarification on the semantics of >PAM_CRED_ESTABLISH vs. the semantics of