Hi! I'm struggling with pam_mkhomedir. Accounts are stored in LDAP (CentOS Directory Server AKA 389 Directory Server). I am not pre-creating user home directories, and would like to use the pam_mkhomedir module to create the directories on the fly when a user is authenticated via pop3s. pam_mkhomedir is working for interactive logins (e.g. SSH), but I don't want to require users to log in interactively just so their home directory is created.

Dovecot version: 1.0.7

dovecot -n output:

protocols: pop3s
ssl_cert_file: /etc/pki/tls/certs/mail.ourdomain.tld.pem
ssl_key_file: /etc/pki/tls/private/mail.ourdomain.tld.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib64/dovecot/pop3
pop3_client_workarounds: oe-ns-eoh, outlook-no-nuls
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: pam
    args: session=yes dovecot
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf

/etc/pam.d/dovecot:

auth        sufficient    pam_ldap.so
auth        required      pam_deny.so

account     sufficient    pam_ldap.so
account     required      pam_deny.so

password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_ldap.so
session     required      pam_mkhomedir.so skel=/etc/skel umask=0022

With the pam_mkhomedir.so line, I see the following in maillog:

Jul 14 16:14:26 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:14:26 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:14:26 mail dovecot: auth(default): new auth connection: pid=25209
Jul 14 16:14:26 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): pam_open_session() failed: Permission denied
Jul 14 16:14:28 mail dovecot: auth(default): client out: FAIL 1 user=joe.schmoe
Jul 14 16:14:28 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>

With the pam_mkhomedir.so line commented out:

Jul 14 16:15:27 mail dovecot: auth(default): client out: CONT 1
Jul 14 16:15:27 mail dovecot: auth(default): client in: CONT<hidden>
Jul 14 16:15:27 mail dovecot: auth(default): pam(joe.schmoe,xxx.xxx.xxx.xxx): lookup service=dovecot
Jul 14 16:15:27 mail dovecot: auth(default): client out: OK 1 user=joe.schmoe
Jul 14 16:15:27 mail dovecot: auth(default): master in: REQUEST 1 25286 1
Jul 14 16:15:27 mail dovecot: auth(default): ldap(joe.schmoe,xxx.xxx.xxx.xxx): user search: base=ou=People, dc=ourdomain, dc=tld scope=subtree filter=(&(objectClass=posixAccount)(uid=joe.schmoe)) fields=homeDirectory,uidNumber,gidNumber
Jul 14 16:15:27 mail dovecot: auth(default): master out: USER 1 joe.schmoe home=/home/joe.schmoe uid=1057 gid=1000
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): mkdir_parents(/home/joe.schmoe/mail) failed: Permission denied
Jul 14 16:15:27 mail dovecot: POP3(joe.schmoe): Failed to create storage with data: mbox:/home/joe.schmoe/mail:INBOX=/var/spool/mail/joe.schmoe
Jul 14 16:15:27 mail dovecot: child 25292 (pop3) returned error 89
Jul 14 16:15:27 mail dovecot: pop3-login: Login: user=<joe.schmoe>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Jul 14 16:19:05 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx resp=<hidden>

Any suggestions? Thank you!