Package: libpam-runtime Version: 1.1.8-3.6 Severity: normal --- Please enter the report below this line. --- To support clients which can't do GSSAPI, I've recently added plain PW authentication (pam_unix.so) to a Dovecot server setup which otherwise authenticates users against a Samba based AD via sssd (pam_sss.so).
In the default setup, generated by pam-auth-update, plain pw authentication always failed during account setup with the following message in the log: pam_acct_mgmt() failed: Permission denied To fix this, I needed to manually change this line in the generated common-account file account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so to this account [success=done new_authtok_reqd=done default=ignore] pam_unix.so ("success=1" => "success=done"), which is equivalent to "account sufficient ...", as requested by the Dovecot documentation. --- System information. --- Architecture: Kernel: Linux 4.9.0-3-amd64 Debian Release: 9.1 500 syncthing apt.syncthing.net 500 stable www.deb-multimedia.org 500 stable vwakviie2ienjx6t.onion 500 stable update.devolo.com 500 stable sgvtcaew4bxjd7ln.onion 500 stable dl.google.com --- Package information. --- Depends (Version) | Installed ===============================-+-============= debconf (>= 0.5) | 1.5.61 OR debconf-2.0 | debconf (>= 1.5.19) | 1.5.61 OR cdebconf | libpam-modules (>= 1.0.1-6) | 1.1.8-3.6 Package's Recommends field is empty. Package's Suggests field is empty. Bye... Dirk -- Dirk Heinrichs GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015 Sichere Internetkommunikation: http://www.retroshare.org Privacy Handbuch: https://www.privacy-handbuch.de
Description: This is a digitally signed message part