Qpopper changes uids to read/write spools and temp drop files.
Authentication is just one part of PAM. AFAIK, pam_mysql doesn't yet
implement PAM 'account' functions, so you must have a local uid in
/etc/passwd. The local user need not have a password. I simply create
the local users with no home dir, no shell, no password, etc.
Another possibility is using NSS to put uids in mysql, and PAM together,
but I have not tried this. Here's an interesting doc that explains some
of these issues.
http://users.linuxbourg.ch/fvgoto/informatica/tbsc/doc/final/pam_mysqlim.pdf
Ken A.
Martin Kellermann wrote:
hi Ken,
i was too curious and tried qpopper/PAM/mysql.
it is up and running... thanks!
but there is one strange behaviour which i cant explain...
users are ONLY authentivated if they have a local account (etc/passwd)!?
so, maybe my question is a bit offtopic, but i think it is maybe a
qpopper or config problem.
case 1:
- local user named "test" has local password "test"
- mysql database has username "test" and password "otherthantest"
- qpopper/pam authenticates the user correct when logging in with user
"test" and pass "otherthantest"
- pam_mysql syslogs without errors, everything is fine
case 2:
- no local user test exists
- mysql database has username "test" and password "otherthantest"
- qpopper/pam DOES NOT authenticate the user logging in with user "test"
and pass "otherthantest"
- pam_mysql syslogs shows NOTHING !
it appears that, when there is no corresponding local user, the whole
PAM mechanism isnt started...
i configured qpopper with:
./configure --prefix=/usr --sysconfdir=/etc --enable-shy --with-pam=pop3
my /etc/pam.conf is this:
pop3 auth required pam_mysql.so verbose=1 host=localhost db=* table=*
user=* passwd=* usercolumn=* passwdcolumn=* where=active=1 crypt=0
pop3 account required pam_mysql.so verbose=1 host=localhost db=* table=*
user=* passwd=* usercolumn=* passwdcolumn=* where=active=1 crypt=0
any ideas?
is there a way to tell qpopper to ONLY use PAM for authentication?
thanks in advance
MK
At 00:36 13.08.2005, you wrote:
An alternative to patching qpopper is pam_mysql, which works fine with
4.08. Just configure qpopper --with-pam and setup /etc/pam.d/pop3 to
use pam_mysql.so. This makes upgrades a bit less painful.
Ken
Martin Kellermann wrote:
hi list,
is there a patch for qpopper 4.0.8 to support mysql auth?
what i found is:
http://www.asteroid-b612.org/software/qpopper-mysql/qpopper-mysql-0.14.patch
but unfortunately it is for version 4.0.5 ...
or, does it work for 4.0.8 ?
i use qpopper for lots of years now....simply wonderful.
but some mysql support would be fine...
thanks for you hints..
MK
