Package: libpam-runtime Version: 1.1.8-3.6 Severity: normal --- Please enter the report below this line. --- To support clients which can't do GSSAPI, I've recently added plain PW authentication (pam_unix.so) to a Dovecot server setup which otherwise authenticates users against a Samba based AD via sssd (pam_sss.so).
In the default setup, generated by pam-auth-update, plain pw
authentication always failed during account setup with the following
message in the log:
pam_acct_mgmt() failed: Permission denied
To fix this, I needed to manually change this line in the generated
common-account file
account [success=1 new_authtok_reqd=done
default=ignore] pam_unix.so
to this
account [success=done new_authtok_reqd=done
default=ignore] pam_unix.so
("success=1" => "success=done"), which is equivalent to "account
sufficient ...", as requested by the Dovecot documentation.
--- System information. ---
Architecture:
Kernel: Linux 4.9.0-3-amd64
Debian Release: 9.1
500 syncthing apt.syncthing.net
500 stable www.deb-multimedia.org
500 stable vwakviie2ienjx6t.onion
500 stable update.devolo.com
500 stable sgvtcaew4bxjd7ln.onion
500 stable dl.google.com
--- Package information. ---
Depends (Version) | Installed
===============================-+-=============
debconf (>= 0.5) | 1.5.61
OR debconf-2.0 |
debconf (>= 1.5.19) | 1.5.61
OR cdebconf |
libpam-modules (>= 1.0.1-6) | 1.1.8-3.6
Package's Recommends field is empty.
Package's Suggests field is empty.
Bye...
Dirk
--
Dirk Heinrichs
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de
signature.asc
Description: This is a digitally signed message part
