Mark et al,
I'd like to report that imap-2004g does indeed work succesfully
with AIX 5.3 and pam, building with PASSWDTYPE=pam.
As a side-note I will add that IBM's default pam.conf file, despite having
entries for imap, is not configured sufficiently to use 'out the box' the
default pam.conf contains the following stanza's for imap
imap auth required /usr/lib/security/pam_aix
imap session required /usr/lib/security/pam_aix
For our purposes it seemed necessary to also add in a stanza for imap in
the account section.
imap auth required /usr/lib/security/pam_aix debug
imap account required /usr/lib/security/pam_aix debug
imap session required /usr/lib/security/pam_aix debug
the debug flags being there just for debugging.
Thanks again Mark for all your help.
Andrew Herbert
Research Programmer
Academic Computing and Communications Center (ACCC)
University of Illinois at Chicago (UIC)
On Sun, 30 Jul 2006, Andrew J Herbert wrote:
> I had not done anything further than check that, as you say there was an
> entry for imap and it matched the entries for the other services. However
> I have found that there is a debug switch, as there is on linux PAM, and
> it does appear the problem may be more PAM related, this was our first PAM
> AIX service. Please don't spend any more time on it, and I'll investigate
> our pam.conf more thoroughly and get back to you. The error/warning
> message was what had thrown me off track.
>
> ___ ___
> /___\ herbie <at> uic <dot> edu /___\
> (o\|/o) There is no such thing as illegal immigrants, (o\|/o)
> U^^^U only illegal Governments. - (Ambalavaner Sivanandan, 1997) U^^^U
>
> On Sun, 30 Jul 2006, Mark Crispin wrote:
>
> > On Sun, 30 Jul 2006, Andrew J Herbert wrote:
> > > "osdep.c", line 147.13: 1506-068 (W) Operation between types
> > > "int(*)(int,struct pam_message**,struct pam_response**,void*)" and
> > > "int(*)(int,const struct pam_message**,struct pam_response**,void*)" is
> > > not allowed.
> >
> > Ugh. IBM bites us again.
> >
> > The conv pointer prototype on Linux, BSD, and Solaris systems all the
> > second argument as a const struct pam_message**. Apparently, someone at
> > IBM decided that it shouldn't be a const.
> >
> > Nevertheless, that diagnostic is a warning, and the compiler should
> > generate the correct object code.
> >
> > > These were all imap-2004g, all resulted in a binary which appeared to run,
> > > but only the std-build would authenticate. The pam.conf file was left as
> > > it came from AIX with an imap entry.
> >
> > This sounds like a stupid question, but have you thoroughly analyzed the
> > PAM configuration to make sure that it is set up for IMAP? This problem
> > may be a PAM configuration problem instead of an imapd problem.
> >
> > I don't know anything about pam.conf (or what IBM may have done with it),
> > but typically there is an /etc/pam.d/imap file which contains more or less
> > the same contents as what you have for ftp, rsh, etc.
> >
> > -- Mark --
> >
> > http://staff.washington.edu/mrc
> > Science does not emerge from voting, party politics, or public debate.
> > Si vis pacem, para bellum.
> >
> _______________________________________________
> Imap-uw mailing list
> [email protected]
> https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
>
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
