On 12/11/05 09:44 PM, Louis LeBlanc sat at the `puter and typed: > Hey folks. > > Is it me, or is the courier-authlib port the absolute worst thing to > upgrade? It seems like *every* single time I try to upgrade this > port, I wind up with nobody being able to log into my courier > installation. Usually, it's a simple matter of a simple manual > restart of the daemon (it shuts down fine at deinstallation, but won't > start back up when portupgrade is used), sometimes it's a minor config > tweak. > > The thing is I keep forgetting this little issue for some stupid > reason, and this time, I've got the darn thing dumping core every time > someone tries to log in. > > The ports/security/courier-authlib-base/ port installs without any > problems, but it only builds and installs the libauthpam.so module. > This is fine, I guess, since I've removed all the other modules from > the authmodulelist config - that's the only one it ever used before > anyway. > > So, now I've gone through the whole fiasco of re-installing my entire > courier-* setup, verifying ALL the configs for authdaemonrc, imapd, > and imapd-ssl. Still, authdaemond dumps core anytime someone tries to > log in. > > Anyone else see anything wierd with courier-authlib-base-0.58? > > I have googled for it, and all I get are links to the various copies > of the ports/UPDATING file. Of course, it contains all the keywords I > can come up with, but none are relevant to the recent issue - and the > current UPDATING file has nothing about the latest courier-authlib > update. > > BTW, I'm the only one on the system that can get mail, because I'm > using mutt. My Thunderbird and Squirrelmail users cannot log into > either imap service (imapd with squirrelmail, imapd-ssl remotely). > So, this is a little annoying, and probably a bit urgent. > > I have the entire port configuration output if it's of any help. It > looks like the config process cycles through 12 times.
Quick followup: I ran a couple tests with this as follows: Using authtest, I was able to see what the encrypted password was on my user account. I then set DEBUG=2 in the authdaemonrc file, and restarted the authdaemon. This routs encrypted passwords to the debug file when a login is attempted. These passwords do match, but the debug log shows a rejection. Here's the output to the debug log: Dec 11 22:08:07 keyslapper imapd: Connection, ip=[::1] Dec 11 22:08:07 keyslapper authdaemond: received auth request, service=imap, authtype=login Dec 11 22:08:07 keyslapper authdaemond: authpam: trying this module Dec 11 22:08:07 keyslapper authdaemond: authpam: sysusername=leblanc, sysuserid=<null>, sysgroupid=1001, homedir=/home/leblanc, address=leblanc, fullname=Louis LeBlanc, maildir=<null>, quota=<null>, options=<null> Dec 11 22:08:07 keyslapper authdaemond: authpam: clearpasswd=<null>, passwd=$1$zXwYvUtS$W1234567890ABCdefGHIj/ Dec 11 22:08:07 keyslapper authdaemond: pam_service=imap, pam_username=leblanc Dec 11 22:08:07 keyslapper authdaemond: authpam: REJECT - try next module Dec 11 22:08:07 keyslapper authdaemond: FAIL, all modules rejected and the authtest output: <root># authtest leblanc Authentication succeeded. Authenticated: leblanc (system username: leblanc) Home Directory: /home/leblanc Maildir: (none) Quota: (none) Encrypted Password: $1$zXwYvUtS$W1234567890ABCdefGHIj/ Cleartext Password: (none) Options: wbnodsn=1 Naturally, I changed the encrypted password here, but rest assured I did check them character by character. BTW, authdaemond did dump core again. Thanks again. Lou -- Louis LeBlanc FreeBSD-at-keyslapper-DOT-net Fully Funded Hobbyist, KeySlapper Extrordinaire :) Please send off-list email to: leblanc at keyslapper d.t net Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2 God doesn't play dice. -- Albert Einstein
pgpZRHWzgbTjF.pgp
Description: PGP signature