RH9; imap-2002e; PAM authentication

Wed, 01 Oct 2003 09:19:07 -0700 

We have been happily using Washington imap and pop for several years on
Solaris, using NIS authentication.  We are in the process of making two
migrations: (1) from Solaris towards Linux (2) from NIS authentication
towards Active Directory (via PAM/krb5) authentication.  So that's four
combinations.

1. Solaris/NIS: Fine; using for years;

2. Linux/NIS: Fine; using for a few months;

3. Solaris/AD-via-PAM: Fine (PAM only uses perm_krb5 not pam_unix;
   verified on accounts with deliberately different NIS and AD passwords);

4. Linux/AD: Trouble.  Following the FAQ (PAM for plaintext passwords) I
   rebuilt with "make lnp".  But neither password works.  Have tried
   versions imap-2002c1 and imap-2002e.  (The other services on the box
   (telnet, rlogin, etc.) are fine: "/etc/pam.d/system-auth" has, for the
   moment, been set to accept either password.)

In debugging this Linux/AD, I determined that in "src/osdep/unix/ckp_pam.c":

  if ((pam_start ((char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
                  pw->pw_name,&conv,&hdl) != PAM_SUCCESS) ||
      (pam_set_item (hdl,PAM_RHOST,tcp_clientaddr ()) != PAM_SUCCESS) ||
      (pam_authenticate (hdl,NIL) != PAM_SUCCESS) ||
      (pam_acct_mgmt (hdl,NIL) != PAM_SUCCESS) ||
      (pam_setcred (hdl,PAM_ESTABLISH_CRED) != PAM_SUCCESS)) {

"pam_start()" and the first "pam_set_item()" were succeeding, but that
"pam_authenticate()" fails.  Further, I suspect that "checkpw_conv()"
(part of the "&conv" argument) is not being called (it didn't stop at a
breakpoint on the routine, whereas it does on (working) Solaris/AD).

[ System details:

/etc/redhat-release:
   Red Hat Linux release 9 (Shrike)

uname -a:
   Linux pluto2 2.4.20-19.9smp #1 SMP Tue Jul 15 17:04:18 EDT 2003 i686 i686 i386 
GNU/Linux

cc --version:
   cc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)

]

Any thoughts, tips, hints etc. and what I might have missed?  (Or known
bugs/issues, etc.?)


-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :
-- 
------------------------------------------------------------------
 For information about this mailing list, and its archives, see: 
 http://www.washington.edu/imap/c-client-list.html
------------------------------------------------------------------

Reply via email to