Hi,

Thanks, this is ok.

The problem is that I don't want pam to look for the user at /etc/passwd
(pam_unix.so and pam_unix2.so). I need to force the use of
pam_custom_module.so when authenticating via IMAP.
Where is it taking this configuration from? I mean: "this is IMAP auth
-> so pam_unix.so -> so /etc/passwd"

The custom module we made authenticates the user against SQLServer via
Servlet, and returns

retval = PAM_SUCCESS; 

from pam_sm_authenticate if the response is correct, and afterwards looks
for the maildir path etc. in MySQL.

It's currently working on another machine with Cyrus-SASL and saslauth, but
I think it should work with authdaemond too (if I can tell authdaemond
which PAM module it should use). I'll show you to explain:

-------------------------------- PAM configuration
servername:~# cat /etc/pam.d/imap
#%PAM-1.0
auth    sufficient       pam_unix2.so   nullok #set_secrpc

auth    required         pam_custom_module.so url=http://www.otherserver.es/servlet/GetUserDetails?entrada=16 testmode=1 service=email

account required         pam_universia.so

-------------------------------- LOG after imap login
Mar 14 14:53:53 servername saslauthd[19163]: pam_universia: acct_mgmt called but not implemented. Dont panic though :)
Mar 14 14:54:16 servername saslauthd[19161]: pam_sm_authenticate called :: custom
Mar 14 14:54:16 servername saslauthd[19161]: pam_sm_authenticate: using: http://www.otherserver.es/servlet/GetUserDetails?entrada=16
Mar 14 14:54:16 servername saslauthd[19161]: pam_custom_module: authenticating 'user' 'pass'
Mar 14 14:54:17 servername saslauthd[19161]: AuthServlet trying: http://www.otherserver.es/servlet/GetUserDetails?entrada=16&user=user&pass=pass
Mar 14 14:54:17 servername saslauthd[19161]: AuthServlet :: response - [user data, etc...] <getuserdetails result="OK">   </getuserdetails>
Mar 14 14:54:18 servername saslauthd[19158]: pam_custom_module: authentication succeeded!

--------------------------------

Any ideas?

Thanks all.

On Tue, 14-03-2006 at 06:37 +0000, Brian Candler wrote:
> On Mon, Mar 13, 2006 at 06:21:19PM +0100, Pablo Martín-Portugués wrote:
> > Thanks for your recommendations Brian.
> > I was already using it, but the output doesn't help in that case as you
> > can see.
> ...
> > Mar 13 19:08:07 jerte2 authdaemond: authpam: trying this module
> > Mar 13 19:08:07 jerte2 authdaemond: authpam: username 'test' not found in password file
> 
> That's your error, and I think it's pretty clear.
> 
> The authpam module needs two things:
> 1. a source of information to get the HOMEDIR, UID and GID from; it does
>    this using the getpwnam() function, which typically looks in the Unix
>    password file, although it may be configured differently (e.g. using
>    nsswitch.conf). See preauthpam.c
> 2. PAM to validate the password
> 
> If the username does not exist in (1), then it doesn't bother trying to
> validate the password in (2). It would be a pointless exercise.
> 
> 
> _______________________________________________
> Courier-imap mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
> 