Fix auth.log: pam_unix(dovecot:auth): authentication failure
Lately I stumbled upon a lot of error messages in my auth.log that were caused by my webmail and other IMAP-based tools:
less /var/log/auth.log
...
...
Aug 22 20:54:28 vhost335290 auth: pam_unix(dovecot:auth): check pass; user unknown
Aug 22 20:54:28 vhost335290 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=<EMAILADDRESS> rhost=<IPADDRESS>
...
...
My webmail, IMAP and dovecot are fully operational and I can log in without errors, yet at the same time auth.log shows an authentication error.
First, check the dovecot config:
dovecot -n
The result is
...
...
passdb {
  driver = pam
}
passdb {
  args = scheme=SHA1 /etc/dovecot/users.conf
  driver = passwd-file
}
...
...
userdb {
  driver = passwd
}
userdb {
  args = uid=5000 gid=5000 home=/home/vmail/%d/%n/Maildir allow_all_users=yes
  driver = static
}
...
...
I had two passdb and two userdb sections. Because the pam passdb was configured in addition to my passwd-file passdb (/etc/dovecot/users.conf), dovecot tried to authenticate against PAM first and only then against my users.conf.
The first attempt obviously failed and generated the error; the second (against users.conf) succeeded, so my IMAP clients were fully functional despite the auth.log entry.
Let’s dig into the dovecot configuration. Where is this other passdb set?
grep ^passdb /etc/dovecot/conf.d/*
The result is
/etc/dovecot/conf.d/99-custom.conf:passdb {
/etc/dovecot/conf.d/auth-checkpassword.conf.ext:passdb {
/etc/dovecot/conf.d/auth-deny.conf.ext:passdb {
/etc/dovecot/conf.d/auth-ldap.conf.ext:passdb {
/etc/dovecot/conf.d/auth-master.conf.ext:passdb {
/etc/dovecot/conf.d/auth-passwdfile.conf.ext:passdb {
/etc/dovecot/conf.d/auth-sql.conf.ext:passdb {
/etc/dovecot/conf.d/auth-system.conf.ext:passdb {
/etc/dovecot/conf.d/auth-vpopmail.conf.ext:passdb {
99-custom.conf is mine, so auth-system.conf.ext seems to be the one. Let’s back it up first before messing around:
cp /etc/dovecot/conf.d/auth-system.conf.ext /etc/dovecot/conf.d/auth-system.conf.ext.original
Now comment out the passdb and userdb settings, as I have my own 99-custom.conf config file with all the settings I need in one place:
vim /etc/dovecot/conf.d/auth-system.conf.ext
...
...
# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
#passdb {
# driver = pam
# # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# # [cache_key=<key>] [<service name>]
# #args = dovecot
#}
...
...
# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
#userdb {
# # <doc/wiki/AuthDatabase.Passwd.txt>
# driver = passwd
# # [blocking=no]
# #args =
#
# # Override fields from passwd
# #override_fields = home=/home/virtual/%u
#}
Then restart dovecot:
/etc/init.d/dovecot restart
Tail the auth log and watch for further errors:
tail -F /var/log/auth.log
while simultaneously working with IMAP, webmail, mail clients, etc. No new entries? OK, we’re done here.
BTW: Webmail/IMAP seems to be faster too.
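The diagnosis above as a reusable check, added here as an example and not part of the original post: it lists the passdb drivers in the order dovecot tries them, flags a pam passdb sitting in front of another one, and counts pam_unix(dovecot:auth) failures per rhost so that noise from your own webmail host can be told apart from failures coming from elsewhere. The function names, the sample config and the sample log lines are constructed for illustration.

```shell
# Constructed sample of `dovecot -n` output with the post's two passdb blocks.
sample_config() {
cat <<'EOF'
passdb {
  driver = pam
}
passdb {
  args = scheme=SHA1 /etc/dovecot/users.conf
  driver = passwd-file
}
userdb {
  driver = passwd
}
EOF
}

# Constructed auth.log lines in the post's format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Aug 22 20:54:28 host auth: pam_unix(dovecot:auth): check pass; user unknown
Aug 22 20:54:28 host auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=alice@example.org rhost=192.0.2.10
Aug 22 20:54:31 host auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=bob@example.org rhost=192.0.2.10
Aug 22 20:55:02 host auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=root rhost=198.51.100.7
EOF
}

# Print the driver of each passdb block in the order dovecot tries them.
passdb_order() {
  awk '/^passdb[ \t]*[{]/ { inblk = 1; next }
       inblk && /^[ \t]*driver[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print }
       /^[}]/ { inblk = 0 }'
}

# "yes" if a pam passdb is tried before another passdb, as in the post.
pam_before_other_passdb() {
  passdb_order | awk '$1 == "pam" { seen = 1; next } seen { hit = 1 }
                      END { print (hit ? "yes" : "no") }'
}

# Count pam_unix(dovecot:auth) failures per rhost: "<rhost> <count>", sorted.
pam_failures_by_rhost() {
  awk '/pam_unix\(dovecot:auth\): authentication failure/ {
         for (i = 1; i <= NF; i++) if ($i ~ /^rhost=/) c[substr($i, 7)]++ }
       END { for (h in c) print h, c[h] }' | sort
}

# On a real host: dovecot -n | pam_before_other_passdb
sample_config | pam_before_other_passdb
sample_log | pam_failures_by_rhost
```

On a live system, feed the functions from `dovecot -n` and /var/log/auth.log instead of the samples, and run the rhost count before and after the change to confirm the self-inflicted entries are gone.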