[tpop3d-discuss]authentication failures on Mac OS X 10.3
Roger Baig Viņas
roger.baig at gmail.com
Wed, 21 Dec 2005 16:15:22 +0100
> There should be either a pam.conf file, or a pam.d
> directory containing a bunch of named files, which define
> how to handle authentication for each service. I don't
> know where Mac OS X keeps those (typically this would be
> /etc/pam.conf or /etc/pam.d; if not, try locate) but once
> you've found them you'll need to configure pam to know
> about tpop3d. Without seeing what the settings look like
> for other services on the system I can't tell you how to
> do that, but it should be easy to adapt the settings for
> (say) sshd by copying the pam.conf line or pam.d/ssh file.
I've been trying to write the /etc/pam.d/pop file but without good
results. I hope the following info can help:
$ uname -a
Darwin rilat.local 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30
20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC Power
Macintosh powerpc
$ ls /etc/pam.d
chkpasswd ftpd login other passwd sshd su sudo
>From my experience I can assert that tpop3d uses the directory above
$ cat /etc/pam.d/ftpd
# login: auth account password session
auth sufficient pam_securityserver.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
$ cat /etc/pam.d/login
# login: auth account password session
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_uwtmp.so
$ cat /etc/pam.d/other
# other: auth account password session
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
$ cat /etc/pam.d/sshd
# login: auth account password session
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
regards
--
roger