[tpop3d-discuss]tpop3d with auth-pam-enable "No account present for user" error

Кривошеев Павел pasha at mts.by
Fri, 01 Apr 2005 19:22:07 +0300


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=windows-1251"
 http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
We have a Solaris 9 4/04 server which is an LDAP client to another server.<br>
Tpop3d frequently writes the following messages to syslog when a mail
client connects:<br>
<br>
<b>Apr  1 18:37:04 maria tpop3d[1359]: [ID 896952 mail.debug]
pam_unix_auth: entering pam_sm_authenticate()<br>
Apr  1 18:37:04 maria tpop3d[1359]: [ID 702911 mail.error]
auth_pam_new_user_pass: pam_authenticate(userbox): No account present
for user<br>
Apr  1 18:37:04 maria tpop3d[21899]: [ID 702911 mail.debug]
connection_sendresponse: client [15]10.128.10.166/inside.mts.by: sent
`-ERR Lies! Try again!'<br>
Apr  1 18:37:04 maria tpop3d[21899]: [ID 702911 mail.error]
connection_do: client `[15]10.128.10.166/inside.mts.by': username
`userbox': 1 authentication failures<br>
<br>
<br>
</b>After some attempts
the mail client connects and authenticates with this user, and tpop3d sends
the following:<br>
<b><br>
<br>
Apr  1 16:25:19 maria tpop3d[21899]: [ID 702911 mail.info]
authcontext_new_user_pass: began session for `userbox' with pam; uid
350, gid 6<br>
Apr  1 16:25:19 maria tpop3d[21899]: [ID 702911 mail.info] fork_child:
[8]userbox(10.128.10.166): began session for `userbox' with pam; child
PID is 23675<br>
Apr  1 16:25:19 maria tpop3d[23675]: [ID 702911 mail.info]
connections_post_select: client [8]userbox(10.128.10.166): finished
session for `userbox' with pam<br>
Apr  1 16:25:19 maria tpop3d[23675]: [ID 702911 mail.info]
connections_post_select: client [8]userbox(10.128.10.166):
disconnected; 43/212 bytes read/written<br>
</b><br>
But why does it happen with any user in our network? I mean any user
can get the message "Lies! Try again!" even if his password is right and
he has an account<br>
in the /var/mail directory?<br>
<br>
Here is our <b>/usr/local/etc/tpop3d.conf</b><br>
listen-address: 10.128.10.1<br>
max-children: 1024<br>
log-facility: mail<br>
timeout-seconds: 300<br>
mailbox: bsd:/var/mail/$(user)<br>
auth-pam-enable: yes<br>
auth-pam-mail-group: mail<br>
<br>
<b>/etc/pam.conf</b><br>
#<br>
#ident  "@(#)pam.conf   1.20    02/01/23 SMI"<br>
#<br>
# Copyright 1996-2002 Sun Microsystems, Inc.  All rights reserved.<br>
# Use is subject to license terms.<br>
#<br>
# PAM configuration<br>
#<br>
# Unless explicitly defined, all services use the modules<br>
# defined in the "other" section.<br>
#<br>
# Modules are defined with relative pathnames, i.e., they are<br>
# relative to /usr/lib/security/$ISA. Absolute path names, as<br>
# present in this file in previous releases are still acceptable.<br>
#<br>
# Authentication management<br>
#<br>
# login service (explicit because of pam_dial_auth)<br>
#<br>
login   auth requisite          pam_authtok_get.so.1<br>
login   auth required           pam_dhkeys.so.1<br>
login   auth required           pam_unix_auth.so.1 debug<br>
login   auth required           pam_dial_auth.so.1<br>
#<br>
# rlogin service (explicit because of pam_rhost_auth)<br>
#<br>
rlogin  auth sufficient         pam_rhosts_auth.so.1<br>
rlogin  auth requisite          pam_authtok_get.so.1<br>
rlogin  auth required           pam_dhkeys.so.1<br>
rlogin  auth required           pam_unix_auth.so.1<br>
#<br>
# rsh service (explicit because of pam_rhost_auth,<br>
# and pam_unix_auth for meaningful pam_setcred)<br>
#<br>
rsh     auth sufficient         pam_rhosts_auth.so.1<br>
rsh     auth required           pam_unix_auth.so.1<br>
#<br>
# PPP service (explicit because of pam_dial_auth)<br>
#<br>
ppp     auth requisite          pam_authtok_get.so.1<br>
ppp     auth required           pam_dhkeys.so.1<br>
ppp     auth required           pam_unix_auth.so.1<br>
ppp     auth required           pam_dial_auth.so.1<br>
#<br>
# Default definitions for Authentication management<br>
# Used when service name is not explicitly mentioned for authenctication<br>
#<br>
other   auth requisite          pam_authtok_get.so.1<br>
other   auth required           pam_dhkeys.so.1<br>
other   auth required           pam_unix_auth.so.1 debug<br>
#<br>
# passwd command (explicit because of a different authentication module)<br>
#<br>
passwd  auth required           pam_passwd_auth.so.1<br>
#<br>
# cron service (explicit because of non-usage of pam_roles.so.1)<br>
#<br>
cron    account required        pam_projects.so.1<br>
cron    account required        pam_unix_account.so.1<br>
#<br>
# Default definition for Account management<br>
# Used when service name is not explicitly mentioned for account management<br>
#<br>
other   account requisite       pam_roles.so.1<br>
other   account required        pam_projects.so.1<br>
other   account required        pam_unix_account.so.1<br>
#<br>
# Default definition for Session management<br>
# Used when service name is not explicitly mentioned for session management<br>
#<br>
other   session required        pam_unix_session.so.1<br>
#<br>
# Default definition for  Password management<br>
# Used when service name is not explicitly mentioned for password management<br>
#<br>
other   password required       pam_dhkeys.so.1<br>
other   password requisite      pam_authtok_get.so.1<br>
other   password requisite      pam_authtok_check.so.1<br>
other   password required       pam_authtok_store.so.1<br>
#<br>
# Support for Kerberos V5 authentication (uncomment to use Kerberos)<br>
#<br>
#rlogin         auth optional           pam_krb5.so.1 try_first_pass<br>
#login          auth optional           pam_krb5.so.1 try_first_pass<br>
#other          auth optional           pam_krb5.so.1 try_first_pass<br>
#cron           account optional        pam_krb5.so.1<br>
#other          account optional        pam_krb5.so.1<br>
#other          session optional        pam_krb5.so.1<br>
#other          password optional       pam_krb5.so.1 try_first_pass<br>
#<br>
# QPopper POP3<br>
#<br>
pop3    auth requisite          pam_authtok_get.so.1<br>
pop3    auth required           pam_unix_auth.so.1<br>
pop3    account requisite       pam_roles.so.1<br>
pop3    account required        pam_projects.so.1<br>
pop3    account required        pam_unix_account.so.1<br>
pop3    password requisite      pam_authtok_get.so.1<br>
pop3    password requisite      pam_authtok_check.so.1<br>
pop3    password required       pam_authtok_store.so.1<br>
pop3    session required        pam_unix_session.so.1<br>
#<br>
# IMAP probably<br>
#<br>
imap    auth    requisite          pam_authtok_get.so.1<br>
imap    auth    required        pam_unix_auth.so.1<br>
imap    password requisite      pam_authtok_get.so.1<br>
imap    password requisite      pam_authtok_check.so.1<br>
imap    password required       pam_authtok_store.so.1<br>
imap    session required        pam_unix_session.so.1<br>
<br>
</body>
</html>
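
Added example, not part of the original post: a small resolver that shows which entries of the posted `/etc/pam.conf` apply to a given service name, following the file's own comment that services not explicitly defined use the "other" section. Assumptions: the service name `tpop3d` is hypothetical (the post does not say which name the daemon passes to PAM), and the fallback to `other` is applied per module type.

```python
# Excerpt of the auth/account entries from the /etc/pam.conf posted above.
PAM_CONF = """\
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_auth.so.1 debug
other   account requisite       pam_roles.so.1
other   account required        pam_projects.so.1
other   account required        pam_unix_account.so.1
pop3    auth requisite          pam_authtok_get.so.1
pop3    auth required           pam_unix_auth.so.1
pop3    account requisite       pam_roles.so.1
pop3    account required        pam_projects.so.1
pop3    account required        pam_unix_account.so.1
imap    auth    requisite          pam_authtok_get.so.1
imap    auth    required        pam_unix_auth.so.1
"""


def parse(text):
    """Yield (service, module_type, control_flag, module, options) per entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 4:
            yield fields[0], fields[1], fields[2], fields[3], fields[4:]


def effective_stack(text, service, module_type):
    """Return (source_service, entries): the service's own entries, else "other"."""
    entries = [e for e in parse(text) if e[1] == module_type]
    own = [e for e in entries if e[0] == service]
    if own:
        return service, own
    return "other", [e for e in entries if e[0] == "other"]


def modules_with_option(text, service, module_type, option):
    """List modules in the effective stack that carry the given option."""
    _, stack = effective_stack(text, service, module_type)
    return [e[3] for e in stack if option in e[4]]


if __name__ == "__main__":
    # "tpop3d" is an assumed service name with no entries of its own.
    for svc in ("tpop3d", "pop3", "imap"):
        for mtype in ("auth", "account"):
            src, stack = effective_stack(PAM_CONF, svc, mtype)
            print(f"{svc:7} {mtype:8} <- {src:6}", [e[3] for e in stack])
```

In the posted file only the `login` and `other` auth entries give `pam_unix_auth.so.1` the `debug` option, so the resolved stack can be compared with the `mail.debug` lines in syslog.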