Bug 49604
| Summary: | imap: After installing the newest update, logins are refused | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <stoti> |
| Component: | imap | Assignee: | Mike A. Harris <mharris> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.2 | CC: | herrold, jacob, kovacs, seungseok_hyun, tdiehl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2001-09-28 21:19:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Need Real Name
2001-07-21 12:41:32 UTC
I have the same problem - rh5.2, patched 2.0.36 kernel, password file not shadowed. I can log in to pop3 server from imap-2000-2.5 just fine, but not with imap-2000c-1.5.0. What specific messages do you see? Can you cut and paste them? Sorry, It was a client's machine, I can not check this now, however, as far as I remember, it was the same message that I get when I mis-type the password. I have the same problem. Here are the messages from the log (typed by hand):
date machine ipop3d[pid]: port 110 service init ipaddress
date machine ipop3d[pid]:Login failure user=username host-hostname (ipaddress)
date machine ipop3d[pid]: AUTHENTICATE LOGIN FAILURE host=hostname (ipaddress)
date machine ipop3d{pid]: Command stream end of file while reading line user=??? host=hostname (ipaddress)
Obviously this is sanitized but the last line where it says user=??? is what is in the log. If you need more info I will be
happy to provide it.
....................Tom
The session goes like this: [popserver][/tmp]$ telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK POP3 localhost v2000.70rh server ready user dummy +OK User name accepted, password please pass xxxxxxxx -ERR Bad login Note that there is no pam file in the rpm (/etc/pam.d/imap and /etc/pam.d/pop). Putting old pam files fix the problem. Fixed in rawhide packaging, release 2000c-14. It just needs rebuilding for 5.2/6.2. Will test soon, and possibly update errata... Where is the rawhide srpm? I just looked and the only thing on the redhat ftp site is 2000C-13 with a date of 21 Jul 01. If ever you're told something is in rawhide, but it isn't, never fear. ;o) It is in rawhide but not sync'd yet. Will need rebuilding in 6.2/5.2 after editing build defs at top and release #. I plan on releasing new errata sometime, and apologize for the messup. Should've been caught by our QA, or myself... Grr! *** Bug 49944 has been marked as a duplicate of this bug. *** *** Bug 50625 has been marked as a duplicate of this bug. *** *** Bug 50817 has been marked as a duplicate of this bug. *** *** Bug 50817 has been marked as a duplicate of this bug. *** Would the immediate fix be to revert to the old imap or can I just make /etc/pam.d/pop and /etc/pam.d/imap look like the old versions? Or, is there another fix? imap 4.7c2: /etc/pam.d/pop: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so /etc/pam.d/imap: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so imap 2000c: /etc/pam.d/pop: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth /etc/pam.d/imap: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth Thanks! Jacob Killian Is there a status update on the errata for this bug? I am not 100% sure, but the bug is probably related to %define with_pamauth 0 in imap.spec Putting %define with_pamauth 1 may fix this problem. I had such problem with rawhide RPM on RedHat 6.2, see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=47161 ----------- extract from imap.spec ----------- %if %{Build_52} %define with_krb5 0 %define with_ssl 0 %define with_ssl_cert 0 %define with_xinetd 0 %define with_pamauth 0 %define rawhide_features 0 %define release 1.5.0 %endif The imap package is broken with the PAM configuration at present in such a state that The suggested fix, manually reverting out the /etc/pam.d/pop changes to: auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so works for me ... ======================= Unfortunately, the current version breaks the Microsoft Outlook Express clients, at some versions, but not all, in authentication, and retrieving mail. This is a real problem in an ISP situation ... The problem comes because of the poorly-named with_pamauth variable
- it should be with_newpamauth since the 5.2 and 6.x builds use pam but
an older pam. 5.2 and 6.x require /etc/pam.d/{imap,pop} just as 7.x does.
The fix is simple:
--- imap.spec~ Sat Jul 7 01:41:58 2001
+++ imap.spec Tue Sep 25 11:57:56 2001
@@ -252,10 +252,8 @@
%files
%defattr(-,root,root)
-%if %{with_pamauth}
%config %{_sysconfdir}/pam.d/imap
%config %{_sysconfdir}/pam.d/pop
-%endif
%if %{with_xinetd}
%config(noreplace) %{_sysconfdir}/xinetd.d/imap
Mike, Can this be pushed into Nalin's Raw Hide PAM updates of late last week ? -- Russ I'd like to issue erratum for 5.2/6.2 soon. I'll build it into Rawhide as well. Thanks for the reminder. Fixed in imap-2000c-1.5.1 for Red Hat linux 5.2, and imap-2000c-1.6.1 for Red Hat Linux 6.2. Erratum pending release. Dear mharris I have the same problem with RH7.2 with imap-2002.RC6. What should I do ? |