Description of problem:
For users that authenticate against LDAP instead of /etc/passwd, imapd doesn't log Login/Logout events to /var/log/maillog for IMAP or POP3 transactions. This breaks various POP-before-SMTP authentication tools.

Version-Release number of selected component (if applicable):
2000d-2

How reproducible:
100%

Steps to Reproduce:
1. Configure system for LDAP authentication.
2. Create an LDAP account on the LDAP server.
3. Perform POP3 or IMAP queries for the LDAP user.

Actual results:
No ipop3d or imapd Login/Logout lines in /var/log/maillog for the LDAP user despite a successful POP3 or IMAP transaction respectively.

Expected results:
Login/Logout lines in /var/log/maillog of the same form that you get for /etc/passwd users, as in:

Apr 7 00:00:28 hostname ipop3d[23536]: Login user=username host=remotehostname [remoteipaddress] nmsgs=0/0
Apr 7 00:00:28 hostname ipop3d[23536]: Logout user=username host=remotehostname [remoteipaddress] nmsgs=0 ndele=0

Additional info:
I found the missing log messages for LDAP users. They're going to /var/log/messages instead of /var/log/maillog. So now...

Actual results:
Login/Logout events are logged to /var/log/messages for LDAP users.

Expected results:
Login/Logout events should be logged to /var/log/maillog, as with /etc/passwd users.
Some debugging of the ipop3d daemon revealed the culprit to be the pam_authenticate() function. Prior to calling pam_authenticate() all syslog() messages go to /var/log/maillog. After the return from pam_authenticate() all syslog() messages go to /var/log/messages.
The pam_unix module calls openlog before syslog and thus it redirects it in case of error in the module. This call is now removed in the upstream PAM CVS.
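The mechanism described in the last two comments, as an added example that is not part of the original bug report or of PAM: openlog() sets a process-wide default facility, so a library that calls it changes where the daemon's later syslog() lines are filed, unless the daemon reopens its log or names the facility in each call. fake_authenticate(), tracked_openlog() and the LOG_AUTH facility are assumptions for illustration, and the tracked default is a mirror of libc's internal state, which has no getter.

```c
#include <stdio.h>
#include <syslog.h>

enum fix { FIX_NONE, FIX_REOPEN, FIX_EXPLICIT };
/* Mirror of libc's hidden default facility, kept so it can be inspected. */
static int default_facility = LOG_USER;

static void tracked_openlog(const char *ident, int option, int facility)
{
    openlog(ident, option, facility);   /* real call: state is process-wide */
    if (facility & LOG_FACMASK)
        default_facility = facility & LOG_FACMASK;
}

/* Facility syslog() applies: one ORed into the priority beats the default. */
static int effective_facility(int priority)
{
    int named = priority & LOG_FACMASK;
    return named ? named : default_facility;
}

/* Hypothetical stand-in for an auth library call that reopens the log and
 * never restores the caller's settings. LOG_AUTH is an assumed facility. */
static void fake_authenticate(void)
{
    tracked_openlog("auth_module", LOG_PID, LOG_AUTH);
    syslog(LOG_ERR, "constructed module message");
}

/* Daemon login path; returns the facility its Login line is filed under.
 * FIX_REOPEN calls openlog() again after the library returns;
 * FIX_EXPLICIT names LOG_MAIL in the syslog() call itself. */
static int login_facility(enum fix fix)
{
    int pri = (fix == FIX_EXPLICIT) ? (LOG_MAIL | LOG_INFO) : LOG_INFO;
    tracked_openlog("ipop3d", LOG_PID, LOG_MAIL);
    fake_authenticate();
    if (fix == FIX_REOPEN)
        tracked_openlog("ipop3d", LOG_PID, LOG_MAIL);
    syslog(pri, "Login user=%s (constructed sample)", "username");
    return effective_facility(pri);
}

int main(void)
{
    printf("none=%d reopen=%d explicit=%d (LOG_MAIL=%d, LOG_AUTH=%d)\n",
           login_facility(FIX_NONE), login_facility(FIX_REOPEN),
           login_facility(FIX_EXPLICIT), LOG_MAIL, LOG_AUTH);
}
```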