pam_pgsql, Postfix, imap and PostgreSQL - Mailing list pgsql-general
From | Devrim GÜNDÜZ |
---|---|
Subject | pam_pgsql, Postfix, imap and PostgreSQL |
Date | |
Msg-id | 1036143319.1174.39.camel@madness.tr.net |
List | pgsql-general |
Hi,

I'm not really sure whether this is the right list or not, but I feel that there may be some people who have some experience with my problem below:

Case: A mail server, which will serve 30K people. I want to use PostgreSQL at the backend, for the authentication mechanism. Postfix is used as the MTA. Wu-imapd is the imap/pop3 server. All these are on Red Hat 8.0.

Since authentication must be done using PostgreSQL, I compiled pam_pgsql.so and moved it to /lib/security. Then, created a file /etc/pam_pgsql.conf, as suggested, and wrote the following lines:

---
database = mailing
user = postfix
password = password
table = accounts
user_column = username
pwd_column = passwd
expired_column = acc_expired
newtok_column = acc_newpwdreq
pwtype = clear
debug
----

Then, modified /etc/pam.d/pop and /etc/pam.d/imap as follows:

----
#%PAM-1.0
#auth       required     /lib/security/pam_stack.so service=system-auth
#account    required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_pgsql.so
account    required     /lib/security/pam_pgsql
----

Created a database called mailing; here is the schema of the two tables:

mailing=# \d accounts
                Table "accounts"
    Column     |          Type          |  Modifiers
---------------+------------------------+-------------
 username      | character varying(255) | not null
 passwd        | character varying(255) | not null
 acc_expired   | boolean                | default '0'
 acc_newpwdreq | boolean                | default '0'

mailing=# \d vmailbox
             Table "vmailbox"
 Column  |          Type          |  Modifiers
---------+------------------------+-------------
 address | character varying(255) | not null
 mbox    | character varying(255) |
 active  | boolean                | default 'T'
Unique keys: vmailbox_address_key

And sample data from the accounts table:

      username      | passwd | acc_expired | acc_newpwdreq
--------------------+--------+-------------+---------------
 devrim@my.hostname | test   | f           | f

Everything seems to be OK. But it is not.

Problem:
-------

This is the first problem. The following program tests the connection through pam_pgsql.

./test devrim@my.hostname
PID:16472
PAM started.
Password:
Authentication succeeded, checking access.
Access permitted.
Changing authentication token...
Failed: Authentication token manipulation error

It permits access, but fails while checking the auth token. I think it probably fails in the acc_newpwdreq column, but I'm not sure.

And the second and main problem: pop3 does not authenticate ... Here it comes:

#telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK POP3 localhost.localdomain v2001.78rh server ready
USER devrim@my.hostname
+OK User name accepted, password please
PASS test
-ERR Bad login

As I trace the logs, I see that pop3d does not send a request to postgresql... The same is valid for imap.

However, if I insert a user into the table without the @ sign, I mean, devrim for example, pop3d sends an authentication request to pam_pgsql and I succeed. However, I think I need to define users with the @ sign, since there will be more than 1 domain on the system...

Does anyone know how to solve this problem? I do not want to use Courier imap/Postfix/MySQL :(

BTW, I'm subscribed to the list but have not been receiving e-mails for about a day. So, please CC my address in your post.

Best regards,
--
Devrim GUNDUZ
TR.NET System Support Specialist
devrim@tr.net
Tel : +90 (312) 295 93 18
Fax : +90 (312) 295 94 94
Tel : +90 (216) 542 90 00
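A pre-deployment lint for the two files quoted in the message above, as an added example that is not part of the original post and is not pam_pgsql's own code. It parses the `key = value` settings and the PAM service lines, then reports plaintext password storage (`pwtype = clear`) and any active PAM line whose module path does not end in `.so`. The function names and the two checks are this example's assumptions.

```python
import re

# Constructed input: pam_pgsql.conf and the active lines of /etc/pam.d/pop as quoted in the post.
PAM_PGSQL_CONF = """\
database = mailing
user = postfix
password = password
table = accounts
user_column = username
pwd_column = passwd
expired_column = acc_expired
newtok_column = acc_newpwdreq
pwtype = clear
debug
"""
PAM_SERVICE = """\
#%PAM-1.0
auth       required     /lib/security/pam_pgsql.so
account    required     /lib/security/pam_pgsql
"""
# Fields: type, control (plain word or [bracketed list]), module path.
PAM_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_conf(text):
    """'key = value' per line; a bare word such as 'debug' maps to True."""
    conf = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition("=")
        conf[key.strip()] = value.strip() if sep else True
    return conf

def audit_conf(conf):
    findings = []
    if conf.get("pwtype") == "clear":
        findings.append("pwtype=clear: passwords are stored in the table as plaintext")
    return findings

def audit_pam_service(text):
    """Return (line_number, module_path) for active lines whose module lacks '.so'."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PAM_LINE.match(line.strip())
        if not m or m.group(1).startswith("#") or m.group(2) in ("include", "substack"):
            continue
        if not m.group(3).endswith(".so"):
            findings.append((n, m.group(3)))
    return findings

if __name__ == "__main__":
    print(audit_conf(parse_conf(PAM_PGSQL_CONF)), audit_pam_service(PAM_SERVICE))
```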