[arch-general] pambase in testing breaks email
pambase 20190105.1-1 caused bad failure for email. The error I saw immediately was from postfix failing to authenticate users via saslauthd which in turn blames pam. Downgrading back to 20171006-1 restores email funtioning ok. Logs say: saslauthd[22214]: pam_warn(smtp:auth): function=[pam_sm_authenticate] flags=0x8000 service=[smtp] terminal=[<unknown>] user=[lists] ruser=[<unknown>] rhost=[<unknown>] saslauthd[22214]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure saslauthd[22214]: do_auth : auth failure: [user=lists] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Forgot to mention the perhaps obvious that postfix subsequently logs: warning: SASL authentication failure: Password verification failed Thank you.
The problem stems from change to: /etc/pam.d/other which replaced password required pam_unix.so with password required pam_deny.so I wonder if this means that things like dovecot and postfix need to have explicit additional files in /etc/pam.d so that email authentication work without relying on the catch all "other" file? thank you. gene
Requires adding files (if you haven't already got them) for both dovecot and postfix and not relying on the old 'other' catchall pam file. This is described in more detail in the forum posts [1]. Hoever I'm as yet not sure of the best postfix pam file. Perhaps others can comment. thank you. gene [1] https://bbs.archlinux.org/viewtopic.php?pid=1824850
On 1/5/19 3:46 PM, Genes Lists via arch-general wrote:
Requires adding files (if you haven't already got them) for both dovecot and postfix and not relying on the old 'other' catchall pam file.
This is described in more detail in the forum posts [1]. Hoever I'm as yet not sure of the best postfix pam file. Perhaps others can comment.
thank you.
gene
I wish someone had submitted bug reports about this in the first place, especially as in the case of dovecot this should never have been relegated to thirdparty configuration performed only after reading the wiki. I did not realize there was no bug report for this... well, now there is one: https://bugs.archlinux.org/task/61852 cyrus-sasl is covered by https://bugs.archlinux.org/task/61712 -- Eli Schwartz Bug Wrangler and Trusted User
participants (2)
-
Eli Schwartz
-
Genes Lists