Original post again, haven't seen it on the list yet ...

-------- Original Message --------
Subject: PAM question
Date: Thu, 25 Jan 2001 09:35:53 +0200
From: Buchan Milne <[EMAIL PROTECTED]>
Organization: Stellenbosch Automotive Engineering
To: Expert Linux List <[EMAIL PROTECTED]>

I am currently trying to get authentication of wu-imap from a samba PDC
using the pam_smb module.

I have managed to be able to log in on the console with my windows
password, and have even managed to log in via ssh using my windows
password. However, following the samba principles, I haven't managed to
connect to the imap server. I have compiled wu-imap from source, with
"make lnp" which is supposed to compile with pam support. Entries in the
file /var/log/security indicate that the imap server is indeed using PAM.

Here are the 2 working pam config files:
/etc/pam.d/login:
#%PAM-1.0
auth       required /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_smb_auth.so debug
auth       sufficient   /lib/security/pam_pwdb.so shadow nullok use_first_pass
auth       required /lib/security/pam_nologin.so
account    required /lib/security/pam_pwdb.so
password   required /lib/security/pam_cracklib.so
password   required /lib/security/pam_pwdb.so nullok use_authtok shadow md5
session    required /lib/security/pam_pwdb.so
session    optional /lib/security/pam_console.so

/etc/pam.d/sshd:
#%PAM-1.0
auth        sufficient     /lib/security/pam_pwdb.so shadow nodelay
auth        sufficient  /lib/security/pam_smb_auth.so debug use_first_pass
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_limits.so

Here is my current file for imap:
/etc/pam.d/imap:
#%PAM-1.0
auth        sufficient  /lib/security/pam_pwdb.so shadow nullok
auth        sufficient  /lib/security/pam_smb_auth.so debug use_first_pass
account     required    /lib/security/pam_pwdb.so

As you will see, in each case I simply changed the auth required line
for pam_pwdb to auth sufficient and added an auth sufficient line for
pam_smb, adding use_first_pass with the 2nd of the 2.

Here is a tail of /var/log/security following a successful ssh login and
failed imap connection:

Jan 24 23:00:07 www imapd[12758]: pam_smb: Local UNIX username/password check incorrect.
Jan 24 23:00:07 www imapd[12758]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE.
Jan 24 23:01:53 www imapd[12768]: connect from 146.232.146.2
Jan 24 23:01:59 www sshd[12769]: pam_smb: Local UNIX username/password check incorrect.
Jan 24 23:01:59 www sshd[12769]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE.
Jan 24 23:02:07 www imapd[12806]: connect from 146.232.146.2
Jan 24 23:02:07 www imapd[12806]: pam_smb: Local UNIX username/password check incorrect.
Jan 24 23:02:07 www imapd[12806]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE.
Jan 24 23:02:08 www imapd[12768]: pam_smb: Local UNIX username/password check incorrect.
Jan 24 23:02:08 www imapd[12768]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE.

Does anyone have any advice for me ... the idea here is to let all the
windows lusers read email on the imap/pop server without them having to
keep 2 passwords sync'ed, not for me to be able to log into the machines
with passwords that might have been sniffed ;-)

Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work               +27 82 472 2231 * +27 21 808 2497
Stellenbosch Automotive Engineering         http://www.cae.co.za
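
An added illustration, not part of the original message: a small Python model of how Linux-PAM combines the required and sufficient control flags, run over the auth lines of the /etc/pam.d/login and /etc/pam.d/imap files quoted above. The per-module success/failure values are assumed inputs, and the model covers only the four keyword controls, not the bracketed [value=action] syntax.

```python
# Auth lines from the post, with e-mail-wrapped options rejoined.
LOGIN = """\
auth required   /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_smb_auth.so debug
auth sufficient /lib/security/pam_pwdb.so shadow nullok use_first_pass
auth required   /lib/security/pam_nologin.so
"""
IMAP = """\
auth    sufficient /lib/security/pam_pwdb.so shadow nullok
auth    sufficient /lib/security/pam_smb_auth.so debug use_first_pass
account required   /lib/security/pam_pwdb.so
"""

def parse(text, mtype="auth"):
    """Return [(control, module)] for one management group of a pam.d file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """Model the required/requisite/sufficient/optional keywords only.
    outcomes maps module name -> True/False (assumed result of that module).
    Returns (granted, modules_run)."""
    failed = False     # a required or requisite module has failed
    succeeded = False  # at least one module has returned success
    ran = []
    for control, module in stack:
        ran.append(module)
        if outcomes[module]:
            succeeded = True
            if control == "sufficient" and not failed:
                break          # success is returned immediately
        elif control in ("required", "requisite"):
            failed = True
            if control == "requisite":
                break          # failure is returned immediately
        # a failing sufficient or optional module is ignored
    return succeeded and not failed, ran

if __name__ == "__main__":
    # Assumed scenario: local password check fails, domain check succeeds.
    smb_only = {"pam_securetty.so": True, "pam_smb_auth.so": True,
                "pam_pwdb.so": False, "pam_nologin.so": True}
    for name, text in (("login", LOGIN), ("imap", IMAP)):
        print(name, evaluate(parse(text), smb_only))
```

Under these semantics a successful sufficient module ends the auth stack at once, so in the login file pam_nologin.so, which is listed after both sufficient lines, is not consulted on that path.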

