[tpop3d-discuss]tpop3d with auth-pam-enable "No account present for user" error
Кривошеев Павел
pasha at mts.by
Fri, 01 Apr 2005 19:22:07 +0300
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=windows-1251"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
We have a Solaris 9 4/04 server which is an LDAP client to another server.<br>
Tpop3d frequently writes the following messages to syslog when a mail
client connects:<br>
<br>
<b>Apr 1 18:37:04 maria tpop3d[1359]: [ID 896952 mail.debug]
pam_unix_auth: entering pam_sm_authenticate()<br>
Apr 1 18:37:04 maria tpop3d[1359]: [ID 702911 mail.error]
auth_pam_new_user_pass: pam_authenticate(userbox): No account present
for user<br>
Apr 1 18:37:04 maria tpop3d[21899]: [ID 702911 mail.debug]
connection_sendresponse: client [15]10.128.10.166/inside.mts.by: sent
`-ERR Lies! Try again!'<br>
Apr 1 18:37:04 maria tpop3d[21899]: [ID 702911 mail.error]
connection_do: client `[15]10.128.10.166/inside.mts.by': username
`userbox': 1 authentication failures<br>
<br>
<br>
</b>After some attempts
the mail client connects and authenticates with this user, and tpop3d sends
the following:<br>
<b><br>
<br>
Apr 1 16:25:19 maria tpop3d[21899]: [ID 702911 mail.info]
authcontext_new_user_pass: began session for `userbox' with pam; uid
350, gid 6<br>
Apr 1 16:25:19 maria tpop3d[21899]: [ID 702911 mail.info] fork_child:
[8]userbox(10.128.10.166): began session for `userbox' with pam; child
PID is 23675<br>
Apr 1 16:25:19 maria tpop3d[23675]: [ID 702911 mail.info]
connections_post_select: client [8]userbox(10.128.10.166): finished
session for `userbox' with pam<br>
Apr 1 16:25:19 maria tpop3d[23675]: [ID 702911 mail.info]
connections_post_select: client [8]userbox(10.128.10.166):
disconnected; 43/212 bytes read/written<br>
</b><br>
But why does it happen with any user in our network? I mean any user
can get the message "Lies! Try again!" even if his password is right and
he has an account in the /var/mail directory?<br>
<br>
Here is our <b>/usr/local/etc/tpop3d.conf</b><br>
listen-address: 10.128.10.1<br>
max-children: 1024<br>
log-facility: mail<br>
timeout-seconds: 300<br>
mailbox: bsd:/var/mail/$(user)<br>
auth-pam-enable: yes<br>
auth-pam-mail-group: mail<br>
<br>
<b>/etc/pam.conf</b><br>
#<br>
#ident "@(#)pam.conf 1.20 02/01/23 SMI"<br>
#<br>
# Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.<br>
# Use is subject to license terms.<br>
#<br>
# PAM configuration<br>
#<br>
# Unless explicitly defined, all services use the modules<br>
# defined in the "other" section.<br>
#<br>
# Modules are defined with relative pathnames, i.e., they are<br>
# relative to /usr/lib/security/$ISA. Absolute path names, as<br>
# present in this file in previous releases are still acceptable.<br>
#<br>
# Authentication management<br>
#<br>
# login service (explicit because of pam_dial_auth)<br>
#<br>
login auth requisite pam_authtok_get.so.1<br>
login auth required pam_dhkeys.so.1<br>
login auth required pam_unix_auth.so.1 debug<br>
login auth required pam_dial_auth.so.1<br>
#<br>
# rlogin service (explicit because of pam_rhost_auth)<br>
#<br>
rlogin auth sufficient pam_rhosts_auth.so.1<br>
rlogin auth requisite pam_authtok_get.so.1<br>
rlogin auth required pam_dhkeys.so.1<br>
rlogin auth required pam_unix_auth.so.1<br>
#<br>
# rsh service (explicit because of pam_rhost_auth,<br>
# and pam_unix_auth for meaningful pam_setcred)<br>
#<br>
rsh auth sufficient pam_rhosts_auth.so.1<br>
rsh auth required pam_unix_auth.so.1<br>
#<br>
# PPP service (explicit because of pam_dial_auth)<br>
#<br>
ppp auth requisite pam_authtok_get.so.1<br>
ppp auth required pam_dhkeys.so.1<br>
ppp auth required pam_unix_auth.so.1<br>
ppp auth required pam_dial_auth.so.1<br>
#<br>
# Default definitions for Authentication management<br>
# Used when service name is not explicitly mentioned for authenctication<br>
#<br>
other auth requisite pam_authtok_get.so.1<br>
other auth required pam_dhkeys.so.1<br>
other auth required pam_unix_auth.so.1 debug<br>
#<br>
# passwd command (explicit because of a different authentication module)<br>
#<br>
passwd auth required pam_passwd_auth.so.1<br>
#<br>
# cron service (explicit because of non-usage of pam_roles.so.1)<br>
#<br>
cron account required pam_projects.so.1<br>
cron account required pam_unix_account.so.1<br>
#<br>
# Default definition for Account management<br>
# Used when service name is not explicitly mentioned for account
management<br>
#<br>
other account requisite pam_roles.so.1<br>
other account required pam_projects.so.1<br>
other account required pam_unix_account.so.1<br>
#<br>
# Default definition for Session management<br>
# Used when service name is not explicitly mentioned for session
management<br>
#<br>
other session required pam_unix_session.so.1<br>
#<br>
# Default definition for Password management<br>
# Used when service name is not explicitly mentioned for password
management<br>
#<br>
other password required pam_dhkeys.so.1<br>
other password requisite pam_authtok_get.so.1<br>
other password requisite pam_authtok_check.so.1<br>
other password required pam_authtok_store.so.1<br>
#<br>
# Support for Kerberos V5 authentication (uncomment to use Kerberos)<br>
#<br>
#rlogin auth optional pam_krb5.so.1 try_first_pass<br>
#login auth optional pam_krb5.so.1 try_first_pass<br>
#other auth optional pam_krb5.so.1 try_first_pass<br>
#cron account optional pam_krb5.so.1<br>
#other account optional pam_krb5.so.1<br>
#other session optional pam_krb5.so.1<br>
#other password optional pam_krb5.so.1 try_first_pass<br>
#<br>
# QPopper POP3<br>
#<br>
pop3 auth requisite pam_authtok_get.so.1<br>
pop3 auth required pam_unix_auth.so.1<br>
pop3 account requisite pam_roles.so.1<br>
pop3 account required pam_projects.so.1<br>
pop3 account required pam_unix_account.so.1<br>
pop3 password requisite pam_authtok_get.so.1<br>
pop3 password requisite pam_authtok_check.so.1<br>
pop3 password required pam_authtok_store.so.1<br>
pop3 session required pam_unix_session.so.1<br>
#<br>
# IMAP probably<br>
#<br>
imap auth requisite pam_authtok_get.so.1<br>
imap auth required pam_unix_auth.so.1<br>
imap password requisite pam_authtok_get.so.1<br>
imap password requisite pam_authtok_check.so.1<br>
imap password required pam_authtok_store.so.1<br>
imap session required pam_unix_session.so.1<br>
<br>
</body>
</html>
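
Added example, not part of the original post: the posted pam.conf states that a service without its own entries uses the "other" section, so this sketch resolves which stack a given service name actually gets. It assumes tpop3d registers with PAM under the service name `tpop3d` (the name is not stated in the post), and the embedded file is a constructed excerpt of the auth and account lines above.

```python
# Resolve the effective PAM stack for a service from Solaris-style pam.conf
# text: a service with no line of its own for a module type uses "other".

# Constructed excerpt of the /etc/pam.conf quoted in the post.
PAM_CONF = """\
# Authentication management
login   auth    requisite  pam_authtok_get.so.1
login   auth    required   pam_dhkeys.so.1
login   auth    required   pam_unix_auth.so.1 debug
other   auth    requisite  pam_authtok_get.so.1
other   auth    required   pam_dhkeys.so.1
other   auth    required   pam_unix_auth.so.1 debug
other   account requisite  pam_roles.so.1
other   account required   pam_projects.so.1
other   account required   pam_unix_account.so.1
pop3    auth    requisite  pam_authtok_get.so.1
pop3    auth    required   pam_unix_auth.so.1
pop3    account requisite  pam_roles.so.1
pop3    account required   pam_projects.so.1
pop3    account required   pam_unix_account.so.1
"""

def parse_pam_conf(text):
    """Return [(service, type, control, module, [options])], skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        service, mtype, control, module, *options = fields
        entries.append((service, mtype, control, module, options))
    return entries

def effective_stack(entries, service, mtype):
    """Entries PAM consults for (service, type), with the section they came from."""
    own = [e for e in entries if e[0] == service and e[1] == mtype]
    if own:
        return service, own
    return "other", [e for e in entries if e[0] == "other" and e[1] == mtype]

def describe(service, mtype, text=PAM_CONF):
    """Return (section used, ["module options", ...]) in stack order."""
    section, stack = effective_stack(parse_pam_conf(text), service, mtype)
    return section, [" ".join([e[3], *e[4]]) for e in stack]

if __name__ == "__main__":
    for svc in ("tpop3d", "pop3"):  # "tpop3d" is an assumed service name
        for mtype in ("auth", "account"):
            print(svc, mtype, *describe(svc, mtype))
```

In the posted file the `debug` option on `pam_unix_auth.so.1` appears only in the `login` and `other` auth stacks, not in the `pop3` one.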