[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PAM problem with Courier

Hello Stefan,

> As some of you have noticed, I'm resp. my company works on a complete
> Courier package which eventually replaces the imap-only package.
> I'm trying to get authentification with MySQL to get work with PAM
> instead of the courier-authmysql module. I installed the
> libpam-mysql module from woody.

> Any access with a existing local user comes through to the PAM 
> modules, other accesses are failing before PAM is tried.

> Hints are welcome, relevant config file see below.

If users who don't have local accounts on the system are rejected before they
reach PAM, then you'll need to look somewhere other than your PAM config file
to find the problem.  Perhaps courier is failing early because it knows the
username doesn't exist in the password file, and it will need this later to
find the mailbox?

I imagine courier expects its auth modules to provide more information than
what's just available through PAM, which means the authpam module more than
likely is trying to use getpwnam() to get the rest of what it needs.  A look
at the source to courier-authpam would tell.
Since courier-authmysql almost certainly gets the rest of this information
from the mysql database, you'd need to do one of two things: 1) expose the
rest of the mysql database using an nss_mysql module (in which case there's
not much point to using mysql instead of a password file), or 2) stick with
courier-authmysql.  If this is really what's going on, I strongly recommend
option 2, because PAM is not a good fit for this problem.

Steve Langasek
postmodern programmer

Reply to: