On Tue, Jun 17, 2008 at 12:32:23PM +0200, Tom De Puysseleyr wrote: > > In any case, what does your /etc/pam.d/imap say? Are you trying both > > system authentication and winbind authentication? If so, try removing the > system authentication. > > auth sufficient pam_winbind.so > auth required pam_nologin.so > auth required pam_stack.so service=system-auth > account required pam_stack.so service=system-auth > session required pam_stack.so service=system-auth > > I don't understand all this, still learning :-) But I guess winbind is used > first, and if that returns ok, it's enough?
Yep. Remove all the "pam_stack" lines. They are saying "now do everything which is in /etc/pam.d/system-auth" - that is, chaining to another pam config file, like a subroutine. If you want to use pam_nologin.so, then I suggest you put it *before* pam_winbind.so (the idea is to be able to prevent logins during system maintenance, but this is defeated if you allow the login before testing for nologin). e.g. try something like this: auth required pam_nologin.so file=/etc/nologin.imap auth sufficient pam_winbind.so auth required pam_deny.so There should be man pages (e.g. man pam_nologin, man pam_stack) You shouldn't need any accounting or session management modules. B. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
