On Jun 5, 2008, at 3:47 PM, Timo Sirainen wrote:

On Thu, 2008-06-05 at 12:55 -0400, Jurvis LaSalle wrote:
Jun  5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
rhost=127.0.0.1 user=validLDAPaccount
So the user was logged in, but an error was logged for some reason.
This error comes from PAM. Maybe you have PAM configured to do multiple different lookups?

Here's my dovecot PAM conf (I've manually included the include lines). I tried to comment out the pam_unix.so lines so that only ldap would be checked, but that made all authentication attempts fail. I'm not quite sure how to trim this down so only the ldap accounts are queried. Any PAM experts out there?
[EMAIL PROTECTED] ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth        required     pam_nologin.so
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass debug
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow debug
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so debug
session     optional      pam_ldap.so


Thanks,
JL
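
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how Linux-PAM evaluates the posted auth stack for an LDAP-only account. The module outcomes, the sample user, and the reading of use_first_pass (pam_ldap fails when no earlier module has stored a password) are assumptions made for illustration.

```python
# Simplified model of the Linux-PAM control flags required, requisite, sufficient.
# Module outcomes are constructed for an LDAP-only user; this does not call real PAM.

AUTH_STACK = [  # (control, module, args) taken from the posted /etc/pam.d/dovecot
    ("required",   "pam_nologin",    ""),
    ("required",   "pam_env",        ""),
    ("sufficient", "pam_unix",       "try_first_pass"),
    ("requisite",  "pam_succeed_if", "uid >= 500"),
    ("sufficient", "pam_ldap",       "use_first_pass"),
    ("required",   "pam_deny",       ""),
]

def run_module(module, args, ctx):
    """Return True on success. ctx holds the constructed facts about the user."""
    if module == "pam_unix":
        # No password stored yet, so it obtains one from the application and keeps it.
        ctx["authtok"] = ctx["password"]
        return ctx["in_shadow"]            # LDAP-only user: no local password entry
    if module == "pam_ldap":
        # Assumption: with use_first_pass the module never prompts and
        # fails when no earlier module stored a password.
        if "use_first_pass" in args and ctx.get("authtok") is None:
            return False
        return ctx["in_ldap"]
    if module == "pam_succeed_if":
        return ctx["uid"] >= 500
    return module != "pam_deny"            # nologin/env succeed, deny always fails

def authenticate(stack, user):
    ctx, log, failed = dict(user), [], False
    for control, module, args in stack:
        ok = run_module(module, args, ctx)
        if not ok:
            log.append(f"{module}: authentication failure")
        if control == "sufficient" and ok and not failed:
            return True, log               # stop here, later modules never run
        if control == "requisite" and not ok:
            return False, log              # stop here with failure
        if control == "required" and not ok:
            failed = True                  # remember the failure, keep going
    return not failed, log

# Constructed sample account: exists in LDAP only, uid above 500.
ldap_user = {"password": "x", "uid": 1001, "in_shadow": False, "in_ldap": True}
without_unix = [entry for entry in AUTH_STACK if entry[1] != "pam_unix"]

if __name__ == "__main__":
    print(authenticate(AUTH_STACK, ldap_user))
    print(authenticate(without_unix, ldap_user))
```

The first call succeeds while still recording a pam_unix failure, matching the log line quoted above; the second shows the stack failing once the pam_unix line is removed.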
