Package: libpam-runtime
Version: 1.1.8-3.6
Severity: normal

--- Please enter the report below this line. ---
To support clients which can't do GSSAPI, I've recently added plain PW
authentication ( to a Dovecot server setup which otherwise
authenticates users against a Samba based AD via sssd (

In the default setup, generated by pam-auth-update, plain pw
authentication always failed during account setup with the following
message in the log:

    pam_acct_mgmt() failed: Permission denied

To fix this, I needed to manually change this line in the generated
common-account file

    account [success=1 new_authtok_reqd=done

to this

    account [success=done new_authtok_reqd=done

("success=1" => "success=done"), which is equivalent to "account
sufficient ...", as requested by the Dovecot documentation.

--- System information. ---
Kernel:       Linux 4.9.0-3-amd64

Debian Release: 9.1
  500 syncthing 
  500 stable 
  500 stable          vwakviie2ienjx6t.onion 
  500 stable 
  500 stable          sgvtcaew4bxjd7ln.onion 
  500 stable 

--- Package information. ---
Depends               (Version) | Installed
debconf               (>= 0.5)  | 1.5.61
 OR debconf-2.0                 | 
debconf            (>= 1.5.19)  | 1.5.61
 OR cdebconf                    | 
libpam-modules     (>= 1.0.1-6) | 1.1.8-3.6

Package's Recommends field is empty.

Package's Suggests field is empty.


Dirk Heinrichs
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation:
Privacy Handbuch: 

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to