Bug 49604
Summary: | imap: After installing the newest update, logins are refused | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <stoti> |
Component: | imap | Assignee: | Mike A. Harris <mharris> |
Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.2 | CC: | herrold, jacob, kovacs, seungseok_hyun, tdiehl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-09-28 21:19:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Need Real Name
2001-07-21 12:41:32 UTC
I have the same problem - rh5.2, patched 2.0.36 kernel, password file not shadowed. I can log in to pop3 server from imap-2000-2.5 just fine, but not with imap-2000c-1.5.0. What specific messages do you see? Can you cut and paste them? Sorry, It was a client's machine, I can not check this now, however, as far as I remember, it was the same message that I get when I mis-type the password. I have the same problem. Here are the messages from the log (typed by hand): date machine ipop3d[pid]: port 110 service init ipaddress date machine ipop3d[pid]:Login failure user=username host-hostname (ipaddress) date machine ipop3d[pid]: AUTHENTICATE LOGIN FAILURE host=hostname (ipaddress) date machine ipop3d{pid]: Command stream end of file while reading line user=??? host=hostname (ipaddress) Obviously this is sanitized but the last line where it says user=??? is what is in the log. If you need more info I will be happy to provide it. ....................Tom The session goes like this: [popserver][/tmp]$ telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK POP3 localhost v2000.70rh server ready user dummy +OK User name accepted, password please pass xxxxxxxx -ERR Bad login Note that there is no pam file in the rpm (/etc/pam.d/imap and /etc/pam.d/pop). Putting old pam files fix the problem. Fixed in rawhide packaging, release 2000c-14. It just needs rebuilding for 5.2/6.2. Will test soon, and possibly update errata... Where is the rawhide srpm? I just looked and the only thing on the redhat ftp site is 2000C-13 with a date of 21 Jul 01. If ever you're told something is in rawhide, but it isn't, never fear. ;o) It is in rawhide but not sync'd yet. Will need rebuilding in 6.2/5.2 after editing build defs at top and release #. I plan on releasing new errata sometime, and apologize for the messup. Should've been caught by our QA, or myself... Grr! *** Bug 49944 has been marked as a duplicate of this bug. *** *** Bug 50625 has been marked as a duplicate of this bug. *** *** Bug 50817 has been marked as a duplicate of this bug. *** *** Bug 50817 has been marked as a duplicate of this bug. *** Would the immediate fix be to revert to the old imap or can I just make /etc/pam.d/pop and /etc/pam.d/imap look like the old versions? Or, is there another fix? imap 4.7c2: /etc/pam.d/pop: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so /etc/pam.d/imap: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so imap 2000c: /etc/pam.d/pop: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth /etc/pam.d/imap: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth Thanks! Jacob Killian Is there a status update on the errata for this bug? I am not 100% sure, but the bug is probably related to %define with_pamauth 0 in imap.spec Putting %define with_pamauth 1 may fix this problem. I had such problem with rawhide RPM on RedHat 6.2, see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=47161 ----------- extract from imap.spec ----------- %if %{Build_52} %define with_krb5 0 %define with_ssl 0 %define with_ssl_cert 0 %define with_xinetd 0 %define with_pamauth 0 %define rawhide_features 0 %define release 1.5.0 %endif The imap package is broken with the PAM configuration at present in such a state that The suggested fix, manually reverting out the /etc/pam.d/pop changes to: auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so works for me ... ======================= Unfortunately, the current version breaks the Microsoft Outlook Express clients, at some versions, but not all, in authentication, and retrieving mail. This is a real problem in an ISP situation ... The problem comes because of the poorly-named with_pamauth variable - it should be with_newpamauth since the 5.2 and 6.x builds use pam but an older pam. 5.2 and 6.x require /etc/pam.d/{imap,pop} just as 7.x does. The fix is simple: --- imap.spec~ Sat Jul 7 01:41:58 2001 +++ imap.spec Tue Sep 25 11:57:56 2001 @@ -252,10 +252,8 @@ %files %defattr(-,root,root) -%if %{with_pamauth} %config %{_sysconfdir}/pam.d/imap %config %{_sysconfdir}/pam.d/pop -%endif %if %{with_xinetd} %config(noreplace) %{_sysconfdir}/xinetd.d/imap Mike, Can this be pushed into Nalin's Raw Hide PAM updates of late last week ? -- Russ I'd like to issue erratum for 5.2/6.2 soon. I'll build it into Rawhide as well. Thanks for the reminder. Fixed in imap-2000c-1.5.1 for Red Hat linux 5.2, and imap-2000c-1.6.1 for Red Hat Linux 6.2. Erratum pending release. Dear mharris I have the same problem with RH7.2 with imap-2002.RC6. What should I do ? |