Package: libpam-runtime
Version: 1.1.8-3.6
Severity: normal

--- Please enter the report below this line. ---
To support clients which can't do GSSAPI, I've recently added plain PW
authentication (pam_unix.so) to a Dovecot server setup which otherwise
authenticates users against a Samba based AD via sssd (pam_sss.so).

In the default setup, generated by pam-auth-update, plain pw
authentication always failed during account setup with the following
message in the log:

    pam_acct_mgmt() failed: Permission denied

To fix this, I needed to manually change this line in the generated
common-account file

    account [success=1 new_authtok_reqd=done
    default=ignore]     pam_unix.so

to this

    account [success=done new_authtok_reqd=done
    default=ignore]     pam_unix.so

("success=1" => "success=done"), which is equivalent to "account
sufficient ...", as requested by the Dovecot documentation.

--- System information. ---
Architecture: 
Kernel:       Linux 4.9.0-3-amd64

Debian Release: 9.1
  500 syncthing       apt.syncthing.net 
  500 stable          www.deb-multimedia.org 
  500 stable          vwakviie2ienjx6t.onion 
  500 stable          update.devolo.com 
  500 stable          sgvtcaew4bxjd7ln.onion 
  500 stable          dl.google.com 

--- Package information. ---
Depends               (Version) | Installed
===============================-+-=============
debconf               (>= 0.5)  | 1.5.61
 OR debconf-2.0                 | 
debconf            (>= 1.5.19)  | 1.5.61
 OR cdebconf                    | 
libpam-modules     (>= 1.0.1-6) | 1.1.8-3.6


Package's Recommends field is empty.

Package's Suggests field is empty.


Bye...

        Dirk
-- 
Dirk Heinrichs
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de 

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to