On Tue, Jan 31, 2006 at 03:46:08PM -0700, Chris Jones wrote: > When I try '/usr/host/sbin/authtest -s imap cdjones PASSWORD', I get > "Authentication FAILED: Not owner" and the following in syslog: > > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] > received auth request, service=imap, authtype=login > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: trying this module > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: sysusername=cdjones, sysuserid=<null>, sysgroupid=1019, > homedir=/export/users/cdjones, address=cdjones, fullname=Chris Jones > 2, maildir=<null>, quota=<null>, options=<null> > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: clearpasswd=<null>, passwd=glXXXXXXX > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] > supplied password 'PASSWORD' does not match encrypted password > 'glXXXXXXX' > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: REJECT - try next module > Jan 31 15:43:00 setup23c authdaemond: [ID 702911 mail.debug] FAIL, > all modules rejected > > Next, '/usr/host/sbin/authtest -s imap cdjones glXXXXXXX' (where > 'glXXXXXXX' is the crypt()'d version of 'PASSWORD') gives the expected > output from authtest, and the following in syslog: > > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.debug] > received auth request, service=imap, authtype=login > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: trying this module > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: sysusername=cdjones, sysuserid=<null>, sysgroupid=1019, > homedir=/export/users/cdjones, address=cdjones, fullname=Chris Jones > 2, maildir=<null>, quota=<null>, options=<null> > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.debug] > authpwd: clearpasswd=<null>, passwd=glXXXXXX > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.debug] > password matches successfully > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.info] > Authenticated: sysusername=cdjones, sysuserid=<null>, > sysgroupid=1019, homedir=/export/users/cdjones, address=cdjones, > fullname=Chris Jones 2, maildir=<null>, quota=<null>, options=<null> > Jan 31 15:44:01 setup23c authdaemond: [ID 702911 mail.info] > Authenticated: clearpasswd=glXXXXXXX, passwd=glXXXXXXX > > What's up with this, and how can I fix it?
authpwd is used by very few people, so it gets little care and attention. Most people authenticating against the system password database use authpam, and most of the rest use authshadow. Non-shadow Unix systems are something of an antiquity :-) Looking at the courier-authlib source code though, the point of interest is authcheckpassword() in checkpassword.c, which calls do_authcheckpassword() in the same file, and then gives the error "supplied password 'X' does not match encrypted password 'Y'. I think you will get the symptoms you see if HAVE_CRYPT is not defined. In that case, when you configure courier-authlib you need to find out why the crypt() function is not being detected, and fix it so that it is. Possibly you need to give some extra linker flags. You could argue there's a courier-authlib configuration bug here: perhaps it should have given a fatal compiler error in your case. Otherwise, do_authcheckpassword() falls back to comparing encrypted passwords as if they were unencrypted, which personally I don't think is a safe or sensible thing to do. HTH, Brian. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
