[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: adduser problem and shadow passwords with qmail

On Tue, 8 Apr 2003 09:54:57 +0200
"Petr's mailing list" <lists@seznam.cz> wrote:

> I reinstalled it without any affect. Suddenly I have found the point.
> I have shadow passwords set, qmail with pop3 service and checkpassword
> 0.81 for pam patched. I got recommendation from net to change file
> /etc/pam.d/passwd like this:# beggining of file
> auth       required   /lib/security/pam_pwdb.so shadow nullok
> account    required   /lib/security/pam_pwdb.so
> password   required   /lib/security/pam_cracklib.so retry=3
> password   required   /lib/security/pam_pwdb.so use_auth_ok nullok
> shadow
> #password   required   pam_unix.so nullok obscure min=4 max=8 md5
> # the end of file
> When I changed this file like this I could do pop3 connection to qmail
> pop3 server but I found I can not addusers and vice versa. Is it a way
> how to have pop3 service and adding of users working together? Thanks

I think pam_pwdb.so is deprecated and its functionality is now in
pam_unix.so. The configuration in pam.d/passwd is for changing
passwords, the first two lines do not seem necessary, the third line
does some additional checking on the 'reasonableness' of the password
(so it is not easy to guess) and the fourth line does the actual
changing of the password. The words after the module name are options.
'nullok' will let people log in if their password is empty.
You need 'use_authok' only if you use cracklib. 'obscure' does some
additional checks, md5 means you want md5 encryption instead of crypt in
/etc/shadow and min/max enforce a certain length. Now I wrote this down,
I think I should have said: 

apt-get install libpam-doc

I must say your story is kind of strange, the pop3 server should only
look in /etc/pam.d/pop3 (or similar) for its configuration. Look in
/var/log/auth.log what service the pop-server actually tries to use
(service name == filename in /etc/pam.d). The file /etc/pam.d/passwd
should not effect the pop3 setup, so it's better to revert it to it's
old contents (although adding cracklib might be a good idea).

grts Tim

Reply to: