Results 1 to 5 of 5

Thread: dovecot+pam authentication password mismatch

  1. #1

    Default dovecot+pam authentication password mismatch

    Hi all,

    I've been having enormous problems with pam authentication. I use opensuse 11.1, postfix 2.5.5, dovecot 1.1.7. , ssl, dovecot-sasl. Everything works fine within local network, but I can't log in from outside (using outlook express 6). Output of dovecot -n:


    protocols: imap imaps pop3 pop3s
    listen(default): *:143
    listen(imap): *:143
    listen(pop3): *:110
    ssl_listen(default): *:993
    ssl_listen(imap): *:993
    ssl_listen(pop3): *:995
    verbose_ssl: yes
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    mail_location: mbox:/var/spool/mail/%n
    mail_debug: yes
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    auth default:
    mechanisms: plain login
    debug_passwords: yes
    passdb:
    driver: pam
    args: dovecot
    userdb:
    driver: passwd
    socket:
    type: listen
    client:
    path: /var/spool/postfix/private/auth
    mode: 432
    user: postfix
    group: postfix


    /etc/pam.d/dovecot:

    Code:
    #%PAM-1.0
    auth     include        common-auth
    account  include        common-account
    password include        common-password
    session  include        common-session
    auth    required        pam_unix.so
    account required        pam_unix.so
    mail log says something like:

    Jun 12 21:07:56 mail dovecot: auth(default): new auth connection: pid=12127
    Jun 12 21:08:44 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 secured lip=192.168.1.67 rip=xx.xxx.xxx.xx lport=995 rport=2220 resp=AG1lc2luZ3ZhbABTWktPUE9XSUNaMQ==
    Jun 12 21:08:44 mail dovecot: auth-worker(default): pam(username,xx.xxx.xxx.xx): lookup service=pop3
    Jun 12 21:08:44 mail dovecot: auth-worker(default): pam(username,xx.xxx.xxx.xx): #1/1 style=1 msg=Password:
    Jun 12 21:08:44 mail dovecot: auth-worker(default): pam(username,xx.xxx.xxx.xx): pam_authenticate() failed: Authentication failure (password mismatch?)
    Jun 12 21:08:44 mail dovecot: auth(default): new auth connection: pid=12130
    Jun 12 21:08:46 mail dovecot: auth(default): client out: FAIL 1 user=username
    Jun 12 21:08:46 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<username>, method=PLAIN, rip=xx.xxx.xxx.xx, lip=192.168.1.67, TLS: Disconnected


    I can't figure out what I am doing wrong. Any suggestions would be much appreciated.

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: dovecot+pam authentication password mismatch

    Try another client to see? Are you also using Outlook on the LAN? Have you tried using pop3s (secure POP) on the inside also?

  3. #3

    Default Re: dovecot+pam authentication password mismatch

    Quote Originally Posted by ken_yap View Post
    Try another client to see? Are you also using Outlook on the LAN? Have you tried using pop3s (secure POP) on the inside also?
    On the lan I used the same version of Outlook Express with exactly the same settings (including secure pop). And it worked fine:

    Jun 12 15:57:57 mail dovecot: auth(default): new auth connection: pid=5643
    Jun 12 16:03:03 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 secured lip=192.168.1.67 rip=xx.xx.xxx.xxx lport=995 rport=50146 resp=AG1lc2luZ3ZhbABTemtvcG93aWN6MQ==
    Jun 12 16:03:03 mail dovecot: auth-worker(default): pam(username,xx.xx.xxx.xxx): lookup service=pop3
    Jun 12 16:03:03 mail dovecot: auth-worker(default): pam(username,xx.xx.xxx.xxx): #1/1 style=1 msg=Password:
    Jun 12 16:03:03 mail dovecot: auth(default): client out: OK 1 user=username
    Jun 12 16:03:03 mail dovecot: auth(default): master in: REQUEST 5 5644 1
    Jun 12 16:03:03 mail dovecot: auth(default): passwd(username,xx.xx.xxx.xxx): lookup
    Jun 12 16:03:03 mail dovecot: auth(default): master out: USER 5 username system_user=username uid=1000 gid=100 home=/home/username
    Jun 12 16:03:03 mail dovecot: pop3-login: Login: user=<username>, method=PLAIN, rip=xx.xx.xxx.xxx, lip=192.168.1.67, TLS
    Jun 12 16:03:03 mail dovecot: POP3(mesingval): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0


    I won't be able to try another client before evening. But still, there shouldn't be any reason for outlook not to work. Sorry for noobish question, but why is pam using IP as an argument at all? (pam(username,xx.xx.xxx.xxx)) Remote IP is the only different value in the whole proccess. Any ideas?

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: dovecot+pam authentication password mismatch

    No idea, maybe it's just logging, and not part of the comparison.

    BTW, I only have the first 5 lines of your pam.d/dovecot. It's not necessary to add the unix.so lines since they are already in common_*.

  5. #5

    Default Re: dovecot+pam authentication password mismatch

    Hi ken_yap. Thanks a lot for your responses. I managed to solve it. Simply I had dictated the IE settings on the phone, and the person I dictated it to apparently had made some mistakes, because today I did all the settings myself and it works. You can't trust anybody these days ;-)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •