Dan Delaney wrote: > > I already have SSHD working with radius and pam_pwdb, so I know the servers > are responding and doing the correct thing.
pwdb means that all of the account info is in /etc/passwd, and authentication is done by RADIUS, right? > I have tried many variations of things for /etc/pam.d/pop3 and imap, > currently set to: > auth sufficient /lib/security/pam_radius_auth.so try_first_pass > account sufficient /lib/security/pam_radius_auth.so try_first_pass > session sufficient /lib/security/pam_radius_auth.so try_first_pass Do you need RADIUS for account management or session or session setup? I'd have thought it was only useful for the "auth" type. > Authtest comes back with the following: > [EMAIL PROTECTED] pam.d]# authtest -s pop3 user1 mypassowrd > Authentication succeeded. ... > [EMAIL PROTECTED] pam.d]# authtest -s pop3 user2 mypassword > Authentication FAILED: Operation not permitted That's odd, all right. I'd strace authtest and see what's happening before it prints that error. I can't imagine why it'd work for one user and not for another. > [EMAIL PROTECTED] pam.d]# authtest -s pop3 user2 > Authentication succeeded. ... > Basically it authenticates with no password That message is misleading in this context. When you don't give authtest a password, it doesn't do authentication. All it does is look up the account info via authdaemond. In this case, it's getting that from the system password file, or some other NSS source. "getent" should work for that account, as should "id". ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
