Hello,
for a week and 2 days I have been trying, without success, to integrate PAM authentication into dovecot.
I have tormented Mr. Google with umpteen^2 search queries and dug through HowTos.
But I still can't get any further.
System used
Freshly installed Debian 4.0 (Etch) - stable
Log files
Local IP: 172.16.5.115
Local mail client IP: 172.16.5.71
Without PAM, IMAP access works flawlessly:
(Here is the configuration, for reference.)
linux:/# cat /etc/dovecot/dovecot.conf
#disable_plaintext_auth = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl_disable = no
ssl_cert_file=/etc/ssl/certs/dovecot.pem
ssl_key_file=/etc/ssl/private/dovecot.pem
ssl_verify_client_cert = no
mail_location = maildir:/srv/mailsystem/%d/%n
mail_extra_groups = mail
protocol imap {
imap_client_workarounds = outlook-idle
}
protocol pop3 {
pop3_uidl_format = %v-%u
}
auth default {
mechanisms = plain login
passdb passwd-file {
args = /srv/mailusers.db
}
# passdb pam {
# args = MAIL
# args = setcred=yes MAIL
# }
userdb static {
args = uid=5000 gid=5000 home=/srv/mailsystem/%d/%n
}
user = root
ssl_require_client_cert = no
socket listen {
client {
user = postfix
group = postfix
path = /var/spool/postfix/private/auth
mode = 0660
}
}
}
auth_debug=yes
auth_debug_passwords=yes
linux:/#
linux:/# /srv/mailusers.db
user2@domain1:$1$tO42pmK2$VEG4mU84nWKNdWWBipqI6/
linux:/#
(MD5 password: 123456789)
linux:/# /etc/init.d/dovecot restart
Restarting mail server: dovecot.
linux:/#
IMAP retrieval of the mailbox using the mail client...
linux:/# cat /var/log/mail.log
Aug 3 09:00:07 linux dovecot: Killed with signal 15
Aug 3 09:00:08 linux dovecot: Dovecot v1.0.rc15 starting up
Aug 3 09:00:09 linux dovecot: auth(default): passwd-file /srv/mailusers.db: Read 1 users
Aug 3 08:59:26 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 08:59:26 linux dovecot: auth(default): client out: OK^I1^Iuser=user2@domain1
Aug 3 08:59:26 linux dovecot: auth(default): master in: REQUEST^I1^I2285^I1
Aug 3 08:59:26 linux dovecot: auth(default): master out: USER^I1^Iuser2@domain1^Iuid=5000^Igid=5000^Ihome=/srv/mailsystem/domain1/user2
Aug 3 08:59:26 linux dovecot: imap-login: Login: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
Aug 3 08:59:27 linux dovecot: IMAP(user2@domain1): Disconnected
Aug 3 08:59:27 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 08:59:27 linux dovecot: auth(default): client out: OK^I1^Iuser=user2@domain1
Aug 3 08:59:27 linux dovecot: auth(default): master in: REQUEST^I2^I2284^I1
Aug 3 08:59:27 linux dovecot: auth(default): master out: USER^I2^Iuser2@domain1^Iuid=5000^Igid=5000^Ihome=/srv/mailsystem/domain1/user2
Aug 3 08:59:27 linux dovecot: imap-login: Login: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
Aug 3 08:59:27 linux dovecot: IMAP(user2@domain1): Disconnected in IDLE
Aug 3 08:59:28 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 08:59:28 linux dovecot: auth(default): client out: OK^I1^Iuser=user2@domain1
Aug 3 08:59:28 linux dovecot: auth(default): master in: REQUEST^I3^I2286^I1
Aug 3 08:59:28 linux dovecot: auth(default): master out: USER^I3^Iuser2@domain1^Iuid=5000^Igid=5000^Ihome=/srv/mailsystem/domain1/user2
Aug 3 08:59:28 linux dovecot: imap-login: Login: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
Aug 3 08:59:31 linux dovecot: IMAP(user2@domain1): Disconnected: Logged out
linux:/var/log#
Up to this point, IMAP retrieval works perfectly.
Reconfigured for PAM: (Faulty?)
linux:/# cat /etc/dovecot/dovecot.conf
#disable_plaintext_auth = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl_disable = no
ssl_cert_file=/etc/ssl/certs/dovecot.pem
ssl_key_file=/etc/ssl/private/dovecot.pem
ssl_verify_client_cert = no
mail_location = maildir:/srv/mailsystem/%d/%n
mail_extra_groups = mail
protocol imap {
imap_client_workarounds = outlook-idle
}
protocol pop3 {
pop3_uidl_format = %v-%u
}
auth default {
mechanisms = plain login
# passdb passwd-file {
# args = /srv/mailusers.db
# }
passdb pam {
# args = MAIL
args = setcred=yes MAIL
}
userdb static {
args = uid=5000 gid=5000 home=/srv/mailsystem/%d/%n
}
user = root
ssl_require_client_cert = no
socket listen {
client {
user = postfix
group = postfix
path = /var/spool/postfix/private/auth
mode = 0660
}
}
}
linux:/#
linux:/# cat /etc/pam.d/MAIL
#%PAM-1.0
auth required pam_pwdfile.so pwdfile /srv/mailusers.db
account required pam_permit.so
#@include common-account
#@include common-session
linux:/#
To be on the safe side:
linux:/# ln -s MAIL dovecot
linux:/#
linux:/# /etc/init.d/dovecot restart
Restarting mail server: dovecot.
linux:/#
Mail client: accept SSL certificate
OK
Mail client: fetch mail
Error
User/password incorrect
linux:/# cat /var/log/auth.log
Aug 3 09:09:01 linux CRON[2526]: (pam_unix) session opened for user root by (uid=0)
Aug 3 09:09:01 linux CRON[2526]: (pam_unix) session closed for user root
Aug 3 09:12:15 linux dovecot-auth: (pam_unix) check pass; user unknown
Aug 3 09:12:15 linux dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=172.16.5.71
Aug 3 09:12:18 linux dovecot-auth: (pam_unix) check pass; user unknown
Aug 3 09:12:18 linux dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=172.16.5.71
Aug 3 09:12:20 linux dovecot-auth: (pam_unix) check pass; user unknown
Aug 3 09:12:20 linux dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=172.16.5.71
Aug 3 09:12:22 linux dovecot-auth: (pam_unix) check pass; user unknown
Aug 3 09:12:22 linux dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=172.16.5.71
linux:/#
linux:/# cat /var/mail.log
Aug 3 09:05:13 linux dovecot: Killed with signal 15
Aug 3 09:05:15 linux dovecot: Dovecot v1.0.rc15 starting up
Aug 3 09:12:15 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 09:12:17 linux dovecot: auth(default): pam(user2@domain1,172.16.5.71): pam_authenticate() failed: User not known to the underlying authentication module
Aug 3 09:12:18 linux dovecot: auth(default): client out: FAIL^I1^Iuser=user2@domain1
Aug 3 09:12:18 linux dovecot: imap-login: Disconnected: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
Aug 3 09:12:18 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 09:12:20 linux dovecot: auth(default): pam(user2@domain1,172.16.5.71): pam_authenticate() failed: User not known to the underlying authentication module
Aug 3 09:12:20 linux dovecot: auth(default): client out: FAIL^I1^Iuser=user2@domain1
Aug 3 09:12:20 linux dovecot: imap-login: Disconnected: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
Aug 3 09:12:20 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 09:12:21 linux dovecot: auth(default): pam(user2@domain1,172.16.5.71): pam_authenticate() failed: User not known to the underlying authentication module
Aug 3 09:12:22 linux dovecot: auth(default): client out: FAIL^I1^Iuser=user2@domain1
Aug 3 09:12:22 linux dovecot: imap-login: Disconnected: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
Aug 3 09:12:22 linux dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^Irip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5
Aug 3 09:12:24 linux dovecot: auth(default): pam(user2@domain1,172.16.5.71): pam_authenticate() failed: User not known to the underlying authentication module
Aug 3 09:12:26 linux dovecot: auth(default): client out: FAIL^I1^Iuser=user2@domain1
Aug 3 09:12:26 linux dovecot: imap-login: Disconnected: user=<user2@domain1>, method=PLAIN, rip=172.16.5.71, lip=172.16.5.115, TLS
linux:/#
I want to use PAM (on a passwd-like file) so that dovecot and saslauth use the same database. The users/passwords should not be stored in a MySQL database or in /etc/passwd /etc/shadow.
I am doing something completely wrong in the PAM configuration, but what?
(libpam-pwdfile is also installed.)
Regards,
JR
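In the logs above, the auth.log entries from dovecot-auth are tagged (pam_unix), while /etc/pam.d/MAIL lists only pam_pwdfile.so and pam_permit.so; a module that logs without being in the service file means PAM evaluated a different stack than the one shown. The check below is an added example, not part of the original post: function names are hypothetical and the inputs are copied from the post.

```python
import re

# Sample input copied from the post: the PAM service file and auth.log lines.
PAM_SERVICE_FILE = """\
#%PAM-1.0
auth required pam_pwdfile.so pwdfile /srv/mailusers.db
account required pam_permit.so
#@include common-account
#@include common-session
"""

AUTH_LOG = """\
Aug 3 09:09:01 linux CRON[2526]: (pam_unix) session opened for user root by (uid=0)
Aug 3 09:12:15 linux dovecot-auth: (pam_unix) check pass; user unknown
Aug 3 09:12:15 linux dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=172.16.5.71
"""

def configured_modules(service_text):
    """Module names (without .so) on active lines of a PAM service file."""
    modules = set()
    for line in service_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and @include lines (none are active in the sample).
        if not line or line.startswith("#") or line.startswith("@include"):
            continue
        m = re.search(r"\b(pam_\w+)\.so\b", line)
        if m:
            modules.add(m.group(1))
    return modules

def logged_modules(log_text, process="dovecot-auth"):
    """Module tags such as 'pam_unix' taken from '(pam_xxx)' prefixes logged by process."""
    pat = re.compile(r"\s" + re.escape(process) + r"(?:\[\d+\])?: \((pam_\w+)\)")
    return {m.group(1) for m in pat.finditer(log_text)}

def unexpected_modules(service_text, log_text, process="dovecot-auth"):
    """Modules that logged for the process but are absent from the service file."""
    return sorted(logged_modules(log_text, process) - configured_modules(service_text))

if __name__ == "__main__":
    for name in unexpected_modules(PAM_SERVICE_FILE, AUTH_LOG):
        print(f"{name} ran for dovecot-auth but is not in the service file shown")
```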
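The resp= field in the auth(default) "client in" lines above is the base64 SASL PLAIN response, so the password is recoverable from the log wherever it is stored or posted. The following is an added example, not part of the original post, that redacts that field before a log is shared; function names are hypothetical and the sample line is copied from the post.

```python
import base64
import re

# Sample input copied from the mail.log in the post (one "client in" line).
SAMPLE = ("Aug 3 09:12:15 linux dovecot: auth(default): client in: "
          "AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=172.16.5.115^I"
          "rip=172.16.5.71^Iresp=AHVzZXIyQGRvbWFpbjEAMTIzNDU2Nzg5")

# Field separator is a tab, which syslog renders as the two characters "^I".
RESP = re.compile(r"(\^I|\t)resp=([A-Za-z0-9+/=]+)")

def decode_plain(b64):
    """Split a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd

def redact_line(line):
    """Replace the resp= payload, keeping the user name but dropping the password."""
    def repl(m):
        try:
            _, user, _ = decode_plain(m.group(2))
            return f"{m.group(1)}resp=<redacted PLAIN for {user}>"
        except (ValueError, UnicodeDecodeError):
            # Not decodable as PLAIN (e.g. another mechanism): drop it entirely.
            return f"{m.group(1)}resp=<redacted>"
    return RESP.sub(repl, line)

def redact_log(text):
    """Redact every line of a log excerpt."""
    return "\n".join(redact_line(l) for l in text.splitlines())

if __name__ == "__main__":
    print(redact_line(SAMPLE))
```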