On Tue, 2009-01-13 at 09:14 +0200, Oved Ben-Aroya wrote: > > >which work fine, except for Outlook/OL Express users that are asked > > >for > > >their password whenever they "send/receive"... We've had also > > >"passdb shadow" > > >that somehow "fixed" this > > > > This really makes no sense. Outlook doesn't know if you're using PAM > > or shadow. Do you mean that Outlook anyway can successfully log in, > > but just asks the password all the time? > > Sorry I was not clear in my description of the problem. > Yes, users of Outlook log in and read their mail just fine. However, > whenever they want to refresh the inbox or send mail, they are presented > with a login window of Outlook. With the "passdb shadow" directive that > somehow > crept in, Outlook users were not asked for password after they logged in > (however this broke the password exiration).
Well, there is some difference between what PAM and shadow does. Perhaps PAM starts failing the login after some time? Enable auth_debug=yes and see what the difference is between when using shadow and pam. The difference between Outlook/OE and other clients is that they keep logging out and back in all the time, while other clients typically log in only once. Perhaps you have a PAM plugin that limits the number of logins to once every n minutes or something? > I wonder if we need to enable authentication cache? It shouldn't be necessary, but if the problem is something like what I described above then auth cache will probably work around the actual problem in most cases (but not all).
signature.asc
Description: This is a digitally signed message part
