> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:courier-users-
> [EMAIL PROTECTED] On Behalf Of Gordon Messmer
> Sent: Tuesday, March 20, 2007 1:21 PM
> To: [email protected]
> Subject: Re: [courier-users] Fedora + courier + authlib + radius
>
> Before I reply, could I ask you to reconfigure Outlook so that it quotes
> messages to which you reply? It's quite difficult to read your replies
> otherwise. Google says:
> http://www.slipstick.com/mail1/quote.htm
>
> Dan Delaney wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > On Behalf Of Gordon Messmer
> >
> >> I have tried many variations of things for /etc/pam.d/pop3 and imap,
> >> currently set to:
> >> auth sufficient /lib/security/pam_radius_auth.so try_first_pass
> >> account sufficient /lib/security/pam_radius_auth.so try_first_pass
> >> session sufficient /lib/security/pam_radius_auth.so try_first_pass
> >
> > Do you need RADIUS for account management or session or session setup?
> > I'd have thought it was only useful for the "auth" type.
> >
> > I believe so. I am pretty good with linux, but I am a newb to this pam
> > stuff. Possibly this is where my problem lies?
>
> No, I don't think so. I would think those lines are extraneous, but not
> harmful.
>
> > [EMAIL PROTECTED] ~]# strace authtest -s pop3 user2 password2
> ...
> > write(3, "AUTH 26\npop3\nlogin\nuser2\npassw"..., 34) = 34
> ...
> > read(3, "FAIL\n", 8191) = 5
> ...
> > _llseek(3, 0, 0xbf954d84, SEEK_CUR) = -1 ESPIPE (Illegal seek)
> > write(3, "Authentication FAILED: Operation"..., 47) = 47
>
> Those are the important parts. The "Operation not permitted" message is
> from perror(), I believe, which seemed very odd. Your trace shows that
> the message is mostly meaningless. It's an error caused by an lseek()
> on a pipe.
>
> Basically, we have to disregard that bit of output and figure out why
> authdaemond can't authenticate user2 with the password you gave. Do
> your radius utilities allow you to test authentication? Does the
> username and password that you just tested work with those utilities?
> What does your "secure" log say when you try using authtest? PAM
> messages are probably printed there. Does your radius server log
> errors? What's going on there when you use authtest?
I believe I have pinpointed where this error is coming from. User1 is more
of a management account (mine) which allows full access to everything, while
user2 is a simple "mailbox only" account. What appears to be happening is
that our OpenVMS radius server is allowing user1 because it will permit the
interactive-logon, but failing user2 because it does not allow
interactive-logins. When we manually allowed these logins for user2, it went
through without any problems.
So my next issue is selectively choosing what service type is used for which
protocol. I Saw a patch from 2000 which added a service_type function to
pam_radius_auth, but it does not seem to be in the current release. I Was
going to try to manually patch and recompile. (copying and pasting the patch
didn't seem to work right)
Ugg. OK so my manager just messaged me saying its working, so I will follow
up with him to see what needed to be done and post back.
Thanks for your help so far.
Dan Delaney
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> courier-users mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
