Re: pam_pgsql, Postfix, imap and PostgreSQL - Mailing list pgsql-general

Hi,

you need nss_pgsql too. But old versions of it were really ugly. I wouldn't
trust them. But I have heard, that someone have got it working. Search the
archives of pgsql-general.

Tommi

Am Freitag, 1. November 2002 10:35 schrieb Devrim GÜNDÜZ:
> Hi,
>
> I'm not really sure that this is the right list not or, but I feel that
> there may be some people who has some ezperiences with my problem below:
>
> Case : A mail server, which will server 30K people. I want to use
> PostgreSQL at the backend, for authentication mechanism. Postfix is used
> as the MTA. Wu-imapd is the imap/pop3 server. All these are on Red Hat
> 8.0.
>
> Since authentication must be done using PostgreSQL,I compiled
> pam_pgsql.so and moved it to /lib/security. Then, created a file
> /etc/pam_pgsql.conf, as suggested, and wrote the following lines
> ---
> database = mailing
> user = postfix
> password = password
> table = accounts
> user_column = username
> pwd_column = passwd
> expired_column = acc_expired
> newtok_column = acc_newpwdreq
> pwtype = clear
> debug
> ----
>
> Then, modified /etc/pam.d/pop and /etc/pam.d/imap as follows:
>
> ----
> #%PAM-1.0
> #auth       required    /lib/security/pam_stack.so service=system-auth
> #account    required    /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_pgsql.so
> account    required     /lib/security/pam_pgsql
> ----
>
> Created a database called mailing, here is the schema of two tables:
> mailing=# \d accounts
>                    Table "accounts"
>     Column     |          Type          |  Modifiers
> ---------------+------------------------+-------------
>  username      | character varying(255) | not null
>  passwd        | character varying(255) | not null
>  acc_expired   | boolean                | default '0'
>  acc_newpwdreq | boolean                | default '0'
>
> mailing=# \d vmailbox
>                 Table "vmailbox"
>  Column  |          Type          |  Modifiers
> ---------+------------------------+-------------
>  address | character varying(255) | not null
>  mbox    | character varying(255) |
>  active  | boolean                | default 'T'
> Unique keys: vmailbox_address_key
>
>
> ANd a sample data from accounts table:
>
>         username             |  passwd  | acc_expired |acc_newpwdreq
> -----------------------------+----------+-------------+---------------
>  devrim@my.hostname          | test     | f           | f
>
>
> Everything seems to be ok. But not.
>
> Problem:
> -------
> This is the first problem.
>
> The following program test the connection through pam_pgsql.
>
>
>  ./test devrim@my.hostname
> PID:16472
> PAM started.
> Password:
> Authentication succeeded, checking access.
> Access permitted.
> Changing authentication token...
> Failed: Authentication token manipulation error
>
>
> It permits access, but fails while checking the auth token. I think
> fails probably in acc_newpwdreq column, but I'm not sure.
>
> And the second and main problem: pop3 does not authenticate ...
> Here it comes:
>
> #telnet  0 110
> Trying 0.0.0.0...
> Connected to 0.
> Escape character is '^]'.
> +OK POP3 localhost.localdomain v2001.78rh server ready
> USER devrim@my.hostname
> +OK User name accepted, password please
> PASS test
> -ERR Bad login
>
> As I trace the logs, I see that pop3d does not send request to
> postgresql...
>
> The same is valid for imap.
>
> However, if I insert a user into table, without @ sign, I mean, devrim
> for example, pop3d sends authencication request to pam_pgsql and I
> succeed. However, I think I need to define users with @ sign, since
> there will be more than 1 domain on the system...
>
> Does anyone know how to solve this problem? I do not want to use Courier
> imap/Postfix/MySQL :(
>
> BTW, I'm subscribed to the list but have not been receiving e-mails
> since about a day. So, please CC my address in your post.
>
> Best regards,

--
Dr. Eckhardt + Partner GmbH
http://www.epgmbh.de