Bug 120368 - imapd doesn't log Login/Logout events to /var/log/maillog for LDAP users
Summary: imapd doesn't log Login/Logout events to /var/log/maillog for LDAP users
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
Depends On:
TreeView+ depends on / blocked
Reported: 2004-04-08 03:08 UTC by Terry Griffin
Modified: 2015-01-08 00:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-11-17 11:31:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Terry Griffin 2004-04-08 03:08:53 UTC
Description of problem:

For users that authenticate against LDAP instead of /etc/passwd
imapd doesn't log Login/Logout events to /var/log/maillog for
IMAP or POP3 transactions. This breaks various POP-before-SMTP
authentication tools.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Configure system for LDAP authentication.
2. Create an LDAP account on the LDAP server.
3. Perform POP3 or IMAP queries for the LDAP user.

Actual results:

No ipop3d or imapd Login/Logout lines in /var/log/maillog for
the LDAP user despite a successful POP3 or IMAP transaction

Expected results:

Login/Logout lines in /var/log/maillog of the same form that
you get for /etc/password users, as in:

Apr  7 00:00:28 hostname ipop3d[23536]: Login user=username
host=remotehostname [remoteipaddress] nmsgs=0/0
Apr  7 00:00:28 hostname ipop3d[23536]: Logout user=username
host=remotehostname [remoteipaddress] nmsgs=0 ndele=0

Additional info:

Comment 1 Terry Griffin 2004-04-08 21:57:25 UTC
I found the missing log messages for LDAP users. They're going to 
/var/log/messages instead of /var/log/maillog. So now...

Actual results:

Login/Logout events are logged to /var/log/messages for
LDAP users.

Expected results:

Login/Logout events should be logged to /var/log/maillog, as
with /etc/passwd users.

Comment 2 Terry Griffin 2004-04-09 04:20:51 UTC
Some debugging of the ipop3d daemon revealed the culprit to be the
pam_authenticate() function. Prior to calling pam_authenticate() all
syslog() messages go to /var/log/maillog. After the return from
pam_authenticate() all syslog() messages go to /var/log/messages.

Comment 3 Tomas Mraz 2004-11-17 11:31:17 UTC
The pam_unix module calls openlog before syslog and thus it redirects
it in case of error in the module.

This call is now removed in the upstream PAM CVS.

Note You need to log in before you can comment on or make changes to this bug.