dovecot-auth error but pop login works
When users on my system logs in using pop, they are able to log to system and check emails. But /var/log/secure has following entries for any users
2011-02-01T21:20:29.545660+05:18 linode dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
2011-02-01T21:20:29.545733+05:18 linode dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=gift@vasai.com rhost=127.0.0.1
q
Are there multiple login validations happening?
I am on centos 5,ISPConfig 3, Dovecot
4 Replies
@richardvc:
Are there multiple login validations happening?
Probably - Dovecot can be set up for multiple password databases, and if the user succeeds against any of the specified dbs then they are authenticated. Check to see if you have multiple passdb entries in your dovecot.conf.
See here
i can see see
passdb pam {
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name="">]
#
# session=yes makes Dovecot open and immediately close PAM session. Some
# PAM plugins need this to work, such as pam_mkhomedir.
#
# setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
# need that. They aren't ever deleted though, so this isn't enabled by
# default.
#
# max_requests specifies how many PAM lookups to do in one process before
# recreating the process. The default is 100, because many PAM plugins
# leak memory.
#
# cache_key can be used to enable authentication caching for PAM
# (auth_cache_size also needs to be set). It isn't enabled by default
# because PAM modules can do all kinds of checks besides checking password,
# such as checking IP address. Dovecot can't know about these checks
# without some help. cache_key is simply a list of variables (see
# doc/wiki/Variables.txt) which must match for the cached data to be used.
# Here are some examples:
# %u - Username must match. Probably sufficient for most uses.
# %u%r - Username and remote IP address must match.
# %u%s - Username and service (ie. IMAP, POP3) must match.
#
# The service name can contain variables, for example %Ls expands to
# pop3 or imap.
#
# Some examples:
# args = session=yes %Ls
# args = cache_key=%u dovecot
#args = dovecot
}</service></key></n>
I want to know if this module is causing the problem?
Just below it
passdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
args = /etc/dovecot-sql.conf
}
I think sql module isused for user email password validation.
I want to remove entries from secure log because fail2ban is creating problem for such users.
Thanks for all your help.
Richard
The pam entry is there to allow system accounts to log in - it should be safe to comment it out if you only use the accounts defined in the sql tables. I think you also might be able to re-order them so that it checks sql first.
Removed pam authentication as I do not have system users.. all virtual
Thanks for all your help.
Richard