Timo,

        I finally made the time to backport a pam fix I created for proftpd over
to dovecot, that allows FreeBSD's pam_group to work as expected.  (the bug was
escalated to me internally hehe.. ).

I also noticed an issue while testing that will be confusing to users. If the
docs stay as is, or the other half of this patch is applied, then when the
dovecot.conf contains:

passdb pam {
    args = *
}

the imap files within etc/pam.d right now have to be named 'IMAP' and
'POP3' rather than the expected 'imap' and 'pop3'.  The attached patch fixes
the code to match the docs.


        -Phil.

--- src/auth/passdb-pam.c.orig  Mon Mar 26 10:10:26 2007
+++ src/auth/passdb-pam.c       Mon Apr  2 16:18:54 2007
@@ -275,6 +275,8 @@
                        (void)pam_set_item(pamh, PAM_RHOST, host);
                /* TTY is needed by eg. pam_access module */
                (void)pam_set_item(pamh, PAM_TTY, "dovecot");
+               /* FreeBSD's pam_group need this set as well */
+               (void)pam_set_item(pamh, PAM_RUSER, request->user);
 
                status = pam_auth(request, pamh, &str);
                if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
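
Review bot: The new pam_set_item(pamh, PAM_RUSER, request->user) call stores the login name being authenticated in the item PAM defines as the requesting (remote) user, and the added comment does not say why that is acceptable here. FreeBSD's pam_group checks the PAM_RUSER account by default, so with this change the group decision is made against the name the client supplied. Please spell that out in the comment (and fix "need" to "needs") so that nobody later assumes PAM_RUSER carries a separate remote identity. The return value is also discarded with (void), as in the neighbouring calls. If the call fails, pam_group keeps failing exactly as before with nothing logged, so consider logging a non-PAM_SUCCESS result.
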
@@ -428,8 +430,15 @@
        int fd[2];
        pid_t pid;
 
-       service = module->service_name != NULL ?
-               module->service_name : request->service;
+       if (module->service_name != NULL) {
+               service = module->service_name;
+       } else {
+               if (!strncmp(request->service, "IMAP", 
strlen(request->service)))
+                       service = "imap";
+               else if (!strncmp(request->service, "POP3", 
strlen(request->service)))
+                       service = "pop3";
+       }
+
        auth_request_log_debug(request, "pam", "lookup service=%s", service);
 
        if (worker) {
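
Review bot: In the new else branch, service is assigned only when request->service matches "IMAP" or "POP3"; for any other value there is no final else, so unless service is initialized above the hunk (not visible here) it reaches auth_request_log_debug(..., "lookup service=%s", service) unset. Add a fallback such as "else service = request->service;". The comparison itself is also too loose: strncmp() bounded by strlen(request->service) returns 0 for an empty string and for any prefix of the literal ("I", "PO"), so those values are mapped to "imap" or "pop3" as well. Use strcmp(), or strcasecmp() if lowercase input should match too. Lowercasing request->service generically would also avoid hard-coding the two protocol names. The two strncmp lines were wrapped by the mail client, so the patch will not apply as posted.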
