G'day, I've set up the PAM module pam_ldap (written by PADL) and it correctly authenticates users with UNIX accounts set up on the server (Debian 3). The issue being that I don't want UNIX accounts on the server; I want the username/password to be validated on the LDAP directory and accepted. I thought the problem would have been that the directory lookup doesn't supply a UID or GID, but according to the mail logs, when qpopper is running in debug mode, the PAM database is never looked up. I'm not sure if this can be remedied; any assistance would be appreciated.

Debug when AUTH'ing with a user in LDAP & UNIX:
-----------------------------------------------------
Nov 24 16:57:33.410 2003 [6793] +OK ready <[EMAIL PROTECTED]> [popper.c:255]
Nov 24 16:57:33.410 2003 [6793] Qpopper ready for input from (null) at 203.23.179.81 [203.23.179.81] [popper.c:294]
Nov 24 16:57:35.755 2003 [6793] Received (10): "user hosie" [pop_get_command.c:105]
Nov 24 16:57:35.774 2003 [6793] home (11): '/home/hosie' [pop_user.c:218]
Nov 24 16:57:35.774 2003 [6793] APOP; AllowClearText != ClearTextAlways; checking if user exists in APOP db [pop_user.c:237]
Nov 24 16:57:35.774 2003 [6793] +OK Password required for hosie. [pop_user.c:431]
Nov 24 16:57:35.775 2003 [6793] user returned 1; CurrentState now auth2 [popper.c:338]
Nov 24 16:57:35.775 2003 [6793] Qpopper ready for input from hosie at 203.23.179.81 [203.23.179.81] [popper.c:294]
Nov 24 16:57:37.223 2003 [6793] Received: "pass xxxxxxxxx" [pop_get_command.c:96]
Nov 24 16:57:37.227 2003 [6793] pam_start (service name qpopper) returned 0; gp_errcode=0 [pop_pass.c:451]
Nov 24 16:57:37.228 2003 [6793] PAM_qpopper_conv: num_msg=1 [pop_pass.c:387]
Nov 24 16:57:37.228 2003 [6793] PAM_qpopper_conv: msg_style[0]=1 [pop_pass.c:395]
Nov 24 16:57:37.268 2003 [6793] pam_authenticate returned 0; gp_errcode=0 [pop_pass.c:473]
Nov 24 16:57:37.274 2003 [6793] pam_acct_mgmt returned 0 [pop_pass.c:483]
Nov 24 16:57:37.274 2003 [6793] pam_setcred returned 0 [pop_pass.c:492]
Nov 24 16:57:37.274 2003 [6793] pam_set_item returned 0 [pop_pass.c:502]
Nov 24 16:57:37.274 2003 [6793] pam_set_item returned 0 [pop_pass.c:510]
Nov 24 16:57:37.275 2003 [6793] ...built: (23) '/var/mail/' [genpath.c:158]
Nov 24 16:57:37.276 2003 [6793] genpath Spool (1) [hash: 0; home: NULL] for user hosie returning /var/mail/hosie [genpath.c:2
Nov 24 16:57:37.276 2003 [6793] ...built: (55) '/var/spool/pop//' [genpath.c:158]
Nov 24 16:57:37.276 2003 [6793] genpath .pop (2) [hash: 0; home: NULL] for user hosie returning /var/spool/pop//.hosie.pop [g
Nov 24 16:57:37.276 2003 [6793] Temporary maildrop name: '/var/spool/pop//.hosie.pop' [pop_dropcopy.c:1255]
Nov 24 16:57:37.277 2003 [6793] uid = 1000, gid = 8, euid = 1000, egid = 8 [pop_dropcopy.c:1485]
Nov 24 16:57:37.277 2003 [6793] Opened temp drop /var/spool/pop//.hosie.pop (4) [pop_dropcopy.c:1501]
Nov 24 16:57:37.277 2003 [6793] Set p->drop to stream for 4 [pop_dropcopy.c:1585]
Nov 24 16:57:37.277 2003 [6793] Getting mail lock [pop_dropcopy.c:1625]
Nov 24 16:57:37.277 2003 [6793] successfully opened (exclusive) lock /var/mail/hosie.lock [maillock.c:477]
Nov 24 16:57:37.278 2003 [6793] maillock() on file /var/mail/hosie (/var/mail/hosie.lock) [pop_dropcopy.c:1631] returning 0 (
Nov 24 16:57:37.278 2003 [6793] Opened spool /var/mail/hosie (7) [pop_dropcopy.c:1663]
Nov 24 16:57:37.278 2003 [6793] Server mode: set p->hold to temp drop (4) and p->drop to stream for spool (7) [pop_dropcopy.c
Nov 24 16:57:37.278 2003 [6793] ...built: (55) '/var/spool/pop//' [genpath.c:158]
Nov 24 16:57:37.279 2003 [6793] genpath .cache (6) [hash: 0; home: NULL] for user hosie returning /var/spool/pop//.hosie.cach
Nov 24 16:57:37.279 2003 [6793] Read cache file "/var/spool/pop//.hosie.cache"; msg_count=2; toc_size=128; drop_size=1021; sp
Nov 24 16:57:37.279 2003 [6793] Recalculated offset before bulletin processing: 1087 [pop_dropcopy.c:1756]
Nov 24 16:57:37.279 2003 [6793] Maximum bulletin: 0 [pop_bull.c:412]
Nov 24 16:57:37.280 2003 [6793] No .popbull file for hosie [pop_bull.c:522]
Nov 24 16:57:37.280 2003 [6793] Temp drop contains 2 (2 visible) messages in 1087 octets [pop_dropcopy.c:1791]
Nov 24 16:57:37.280 2003 [6793] Msg 1 (1) uidl '#-*!!LVl!!_%n!!FVN"! ' at offset 0 is 511 octets long and has 16 lines. [pop_dropcopy.c:1798]
Nov 24 16:57:37.280 2003 [6793] Msg 2 (2) uidl '01F!!8!##!""A!!7X7"! ' at offset 544 is 510 octets long and has 16 lines. [pop_dropcopy.c:1798]
Nov 24 16:57:37.280 2003 [6793] mailunlock() called [pop_dropcopy.c:1807] for /var/mail/hosie.lock [maillock.c:579]
Nov 24 16:57:37.280 2003 [6793] (v4.0.4) POP login by user "hosie" at (203.23.179.81) 203.23.179.81 [pop_log.c:244]
Nov 24 16:57:37.281 2003 [6793] +OK hosie has 2 visible messages (0 hidden) in 1021 octets. [pop_pass.c:1446]
-----------------------------------------------------

Debug when AUTH'ing with a user in LDAP but not in UNIX:
-----------------------------------------------------
Nov 24 16:56:36.927 2003 [6789] +OK ready <[EMAIL PROTECTED]> [popper.c:255]
Nov 24 16:56:36.927 2003 [6789] Qpopper ready for input from (null) at 203.23.179.81 [203.23.179.81] [popper.c:294]
Nov 24 16:56:47.263 2003 [6789] Received (11): "user minime" [pop_get_command.c:105]
Nov 24 16:56:47.282 2003 [6789] APOP; AllowClearText != ClearTextAlways; checking if user exists in APOP db [pop_user.c:237]
Nov 24 16:56:47.282 2003 [6789] +OK Password required for minime. [pop_user.c:431]
Nov 24 16:56:47.282 2003 [6789] user returned 1; CurrentState now auth2 [popper.c:338]
Nov 24 16:56:47.283 2003 [6789] Qpopper ready for input from minime at 203.23.179.81 [203.23.179.81] [popper.c:294]
Nov 24 16:56:49.093 2003 [6789] Received: "pass xxxxxxxxx" [pop_get_command.c:96]
Nov 24 16:56:49.093 2003 [6789] User minime not known by system [pop_pass.c:1289]
Nov 24 16:56:59.102 2003 [6789] minime at 203.23.179.81 (203.23.179.81): -ERR [AUTH] Password supplied for "minime" is incorr
Nov 24 16:56:59.103 2003 [6789] pass returned 0; CurrentState now halt [popper.c:338]
Nov 24 16:56:59.103 2003 [6789] +OK Pop server at pen-pen.gsat.net.au signing off. [popper.c:360]
Nov 24 16:56:59.103 2003 [6789] (v4.0.4) Ending request from "minime" at (203.23.179.81) 203.23.179.81 [popper.c:378]
Nov 24 16:56:59.103 2003 [6789] (v4.0.4) Timing for [EMAIL PROTECTED] (normal) auth=0 init=0 clean=0 [popper.c:384]
-----------------------------------------------------

Thanks,
Andrew Hosie
GSAT Technical Consultant
Email: [EMAIL PROTECTED]
Http: www.gsat.net.au
Ph: 1300 65 4728
Ph: +61 3 5227 8022
Fax: +61 3 5227 8023
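
Added example (not part of the original post and not qpopper code): a small Python triage of the debug-log format shown above that groups lines by PID and reports whether any PAM call was logged before the "not known by system" rejection. The sample lines are abridged from the two traces in the post; the function name and the outcome labels are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines abridged from the two debug traces in the post.
SAMPLE_LOG = """\
Nov 24 16:57:35.755 2003 [6793] Received (10): "user hosie" [pop_get_command.c:105]
Nov 24 16:57:37.227 2003 [6793] pam_start (service name qpopper) returned 0; gp_errcode=0 [pop_pass.c:451]
Nov 24 16:57:37.268 2003 [6793] pam_authenticate returned 0; gp_errcode=0 [pop_pass.c:473]
Nov 24 16:57:37.280 2003 [6793] (v4.0.4) POP login by user "hosie" at (203.23.179.81) 203.23.179.81 [pop_log.c:244]
Nov 24 16:56:47.263 2003 [6789] Received (11): "user minime" [pop_get_command.c:105]
Nov 24 16:56:49.093 2003 [6789] User minime not known by system [pop_pass.c:1289]
Nov 24 16:56:59.103 2003 [6789] pass returned 0; CurrentState now halt [popper.c:338]
"""

# timestamp, [pid], then the message text
LINE = re.compile(r"^\w{3} +\d+ [\d:.]+ \d{4} \[(?P<pid>\d+)\] (?P<msg>.*)$")
USER = re.compile(r'Received \(\d+\): "user (?P<user>[^"]+)"')
PAM_CALL = re.compile(r"\b(pam_\w+)\b.*? returned (-?\d+)")


def triage(log_text):
    """Group debug lines by qpopper PID and report how far each session got."""
    sessions = defaultdict(
        lambda: {"user": None, "pam_calls": [], "outcome": "incomplete"}
    )
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated fragment, not a full log line
        s, msg = sessions[m["pid"]], m["msg"]
        if (u := USER.search(msg)):
            s["user"] = u["user"]
        elif (p := PAM_CALL.search(msg)):
            s["pam_calls"].append((p[1], int(p[2])))
        elif "not known by system" in msg:
            # Classify by whether any PAM call was logged before the rejection.
            s["outcome"] = (
                "rejected_after_pam" if s["pam_calls"] else "rejected_before_pam"
            )
        elif "POP login by user" in msg:
            s["outcome"] = "login_ok"
    return dict(sessions)


if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info["user"], info["outcome"], info["pam_calls"])
```
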
