-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gordon
Messmer
Sent: Friday, March 16, 2007 5:59 PM
To: [email protected]
Subject: Re: [courier-users] Fedora + courier + authlib + radius

Dan Delaney wrote:
> 
> I already have SSHD working with radius and pam_pwdb, so I know the servers
> are responding and doing the correct thing.

pwdb means that all of the account info is in /etc/passwd, and 
authentication is done by RADIUS, right?

> I have tried many variations of things for /etc/pam.d/pop3 and imap,
> currently set to:
> auth       sufficient   /lib/security/pam_radius_auth.so try_first_pass
> account    sufficient   /lib/security/pam_radius_auth.so try_first_pass
> session    sufficient   /lib/security/pam_radius_auth.so try_first_pass

Do you need RADIUS for account management or session setup? 
I'd have thought it was only useful for the "auth" type.

I believe so.  I am pretty good with Linux, but I am a newb to this PAM
stuff.  Possibly this is where my problem lies?

> Authtest comes back with the following:
> [EMAIL PROTECTED] pam.d]# authtest -s pop3 user1 mypassowrd
> Authentication succeeded.
...
> [EMAIL PROTECTED] pam.d]# authtest -s pop3 user2 mypassword
> Authentication FAILED: Operation not permitted

That's odd, all right.  I'd strace authtest and see what's happening 
before it prints that error.  I can't imagine why it'd work for one user 
and not for another.


Here it is....


This is for user1 which is authenticating:
[EMAIL PROTECTED] ~]# strace authtest -s pop3 user1 password1
execve("/usr/sbin/authtest", ["authtest", "-s", "pop3", "user1",
"password1"], [/* 23 vars */]) = 0
brk(0)                                  = 0x91a1000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7faa000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/usr/lib/courier-authlib/tls/i686/sse2/libcourierauth.so.0", O_RDONLY)
= -1 ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls/i686/sse2", 0xbfa1a338) = -1 ENOENT (No
such file or directory)
open("/usr/lib/courier-authlib/tls/i686/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls/i686", 0xbfa1a338) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/tls/sse2/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls/sse2", 0xbfa1a338) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/tls/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls", 0xbfa1a338) = -1 ENOENT (No such file
or directory)
open("/usr/lib/courier-authlib/i686/sse2/libcourierauth.so.0", O_RDONLY) =
-1 ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/i686/sse2", 0xbfa1a338) = -1 ENOENT (No
such file or directory)
open("/usr/lib/courier-authlib/i686/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/i686", 0xbfa1a338) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/sse2/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/sse2", 0xbfa1a338) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/libcourierauth.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\17"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=44576, ...}) = 0
mmap2(0x29f000, 42436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x29f000
mmap2(0x2a9000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x2a9000
close(3)                                = 0
open("/usr/lib/courier-authlib/libc.so.6", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59304, ...}) = 0
mmap2(NULL, 59304, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9b000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\300\350"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576920, ...}) = 0
mmap2(0x4ae76000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0x4ae76000
mmap2(0x4afad000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x4afad000
mmap2(0x4afb0000, 9636, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4afb0000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f9a000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f9a6c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
mprotect(0x4afad000, 8192, PROT_READ)   = 0
mprotect(0x4ae72000, 4096, PROT_READ)   = 0
munmap(0xb7f9b000, 59304)               = 0
brk(0)                                  = 0x91a1000
brk(0x91c2000)                          = 0x91c2000
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/spool/authdaemon/socket"}, 110) =
0
fcntl64(3, F_SETFL, O_RDONLY)           = 0
select(4, NULL, [3], NULL, {10, 0})     = 1 (out [3], left {10, 0})
write(3, "AUTH 34\npop3\nlogin\nuser1\npass"..., 42) = 42
time(NULL)                              = 1174406823
time(NULL)                              = 1174406823
select(4, [3], NULL, NULL, {30, 0})     = 1 (in [3], left {29, 893000})
read(3, "USERNAME=user1\nGID=558\nHOME="..., 8191) = 109
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fa9000
write(1, "Authentication succeeded.\n", 26Authentication succeeded.
) = 26
write(1, "\n", 1
)                       = 1
write(1, "     Authenticated: user1  ("..., 60     Authenticated: user1
(system username: user1)
) = 60
write(1, "    Home Directory: /var/mail/us"..., 40    Home Directory:
/var/mail/user1
) = 40
write(1, "           Maildir: (none)\n", 27           Maildir: (none)
) = 27
write(1, "             Quota: (none)\n", 27             Quota: (none)
) = 27
write(1, "Encrypted Password: !!\n", 23Encrypted Password: !!
) = 23
write(1, "Cleartext Password: password1"..., 33Cleartext Password: password1
) = 33
write(1, "           Options: (none)\n", 27           Options: (none)
) = 27
close(3)                                = 0
exit_group(0)                           = ?
Process 2969 detached
[EMAIL PROTECTED] ~]#

This is for user2 who is not:

[EMAIL PROTECTED] ~]# strace authtest -s pop3 user2 password2
execve("/usr/sbin/authtest", ["authtest", "-s", "pop3", "user2",
"password2"], [/* 23 vars */]) = 0
brk(0)                                  = 0x9625000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f26000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/usr/lib/courier-authlib/tls/i686/sse2/libcourierauth.so.0", O_RDONLY)
= -1 ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls/i686/sse2", 0xbf954a78) = -1 ENOENT (No
such file or directory)
open("/usr/lib/courier-authlib/tls/i686/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls/i686", 0xbf954a78) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/tls/sse2/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls/sse2", 0xbf954a78) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/tls/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/tls", 0xbf954a78) = -1 ENOENT (No such file
or directory)
open("/usr/lib/courier-authlib/i686/sse2/libcourierauth.so.0", O_RDONLY) =
-1 ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/i686/sse2", 0xbf954a78) = -1 ENOENT (No
such file or directory)
open("/usr/lib/courier-authlib/i686/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/i686", 0xbf954a78) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/sse2/libcourierauth.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/courier-authlib/sse2", 0xbf954a78) = -1 ENOENT (No such
file or directory)
open("/usr/lib/courier-authlib/libcourierauth.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\17"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=44576, ...}) = 0
mmap2(0x29f000, 42436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x29f000
mmap2(0x2a9000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x2a9000
close(3)                                = 0
open("/usr/lib/courier-authlib/libc.so.6", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59304, ...}) = 0
mmap2(NULL, 59304, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f17000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\300\350"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576920, ...}) = 0
mmap2(0x4ae76000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0x4ae76000
mmap2(0x4afad000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x4afad000
mmap2(0x4afb0000, 9636, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4afb0000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f16000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f166c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
mprotect(0x4afad000, 8192, PROT_READ)   = 0
mprotect(0x4ae72000, 4096, PROT_READ)   = 0
munmap(0xb7f17000, 59304)               = 0
brk(0)                                  = 0x9625000
brk(0x9646000)                          = 0x9646000
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/spool/authdaemon/socket"}, 110) =
0
fcntl64(3, F_SETFL, O_RDONLY)           = 0
select(4, NULL, [3], NULL, {10, 0})     = 1 (out [3], left {10, 0})
write(3, "AUTH 26\npop3\nlogin\nuser2\npassw"..., 34) = 34
time(NULL)                              = 1174406906
time(NULL)                              = 1174406906
select(4, [3], NULL, NULL, {30, 0})     = 1 (in [3], left {29, 950000})
read(3, "FAIL\n", 8191)                 = 5
close(3)                                = 0
dup(2)                                  = 3
fcntl64(3, F_GETFL)                     = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat64(3, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f25000
_llseek(3, 0, 0xbf954d84, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
write(3, "Authentication FAILED: Operation"..., 47Authentication FAILED:
Operation not permitted
) = 47
close(3)                                = 0
munmap(0xb7f25000, 4096)                = 0
exit_group(1)                           = ?
Process 2976 detached
[EMAIL PROTECTED] ~]#


I am not sure what half of this means though.


> [EMAIL PROTECTED] pam.d]# authtest -s pop3 user2
> Authentication succeeded.
...
> Basically it authenticates with no password

That message is misleading in this context.  When you don't give 
authtest a password, it doesn't do authentication.  All it does is look 
up the account info via authdaemond.  In this case, it's getting that 
from the system password file, or some other NSS source.  "getent" 
should work for that account, as should "id".


