Bug 49604 - imap: After installing the newest update, logins are refused
Summary: imap: After installing the newest update, logins are refused
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: imap (Show other bugs)
(Show other bugs)
Version: 5.2
Hardware: i386 Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
: 49944 50625 50817 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2001-07-21 12:41 UTC by Need Real Name
Modified: 2007-04-18 16:34 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-09-28 21:19:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:120 high SHIPPED_LIVE Updated imap packages available 2001-10-03 04:00:00 UTC

Description Need Real Name 2001-07-21 12:41:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2 i686; en-US; rv:0.9.1)

Description of problem:
After installing the 5.2 errata imap-2000-2.5.i386.rpm, I can no longer
login with pop3.
I see authentication error messages if I telnet to port 110.

After reverting to the previous errata package, the problem goes away.

How reproducible:

Steps to Reproduce:
1.telnet loclashost 110
2.user username
3.pass password

Actual Results:  I got an authentication error message.

Expected Results:  Authentication should have been successful

Additional info:

The machine is a standard RH 5.2 install, with all updates applied, except
it has kernel 2.2.14-12.
It has an old-style passwd file. (i.e. not a shadow password system).
PAM is pam-0.64-4

Comment 1 ovgray 2001-07-22 20:21:36 UTC
I have the same problem - rh5.2, patched 2.0.36 kernel, password file not 
shadowed. I can log in to pop3 server from imap-2000-2.5 just fine, but not 
with imap-2000c-1.5.0.

Comment 2 Mike A. Harris 2001-07-22 21:37:54 UTC
What specific messages do you see?  Can you cut and paste them?

Comment 3 Need Real Name 2001-07-23 11:24:33 UTC
Sorry, It was a client's machine, I can not check this now, however, as far as I
remember, it was the same message that I get when I mis-type the password.

Comment 4 Tom Diehl 2001-07-23 20:46:02 UTC
I have the same problem. Here are the messages from the log (typed by hand):
date machine ipop3d[pid]: port 110 service init ipaddress
date machine ipop3d[pid]:Login failure user=username host-hostname (ipaddress)
date machine ipop3d[pid]: AUTHENTICATE LOGIN FAILURE host=hostname (ipaddress)
date machine ipop3d{pid]: Command stream end of file while reading line user=??? host=hostname (ipaddress)

Obviously this is sanitized but the last line where it says user=??? is what is in the log. If you need more info I will be
happy to provide it.


Comment 5 Need Real Name 2001-07-24 00:40:47 UTC
The session goes like this:

[popserver][/tmp]$ telnet localhost 110
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v2000.70rh server ready
user dummy
+OK User name accepted, password please
pass xxxxxxxx
-ERR Bad login

Note that there is no pam file in the rpm (/etc/pam.d/imap and /etc/pam.d/pop).
Putting old pam files fix the problem.

Comment 6 Mike A. Harris 2001-07-24 08:18:18 UTC
Fixed in rawhide packaging, release 2000c-14.  It just needs rebuilding for
5.2/6.2.  Will test soon, and possibly update errata...

Comment 7 Tom Diehl 2001-07-24 13:37:24 UTC
Where is the rawhide srpm? I just looked and the only thing on the redhat ftp site is 2000C-13 with a date of 
21 Jul 01.

Comment 8 Mike A. Harris 2001-07-31 07:42:17 UTC
If ever you're told something is in rawhide, but it isn't, never fear.   ;o)
It is in rawhide but not sync'd yet.  Will need rebuilding in 6.2/5.2
after editing build defs at top and release #.

I plan on releasing new errata sometime, and apologize for the messup.
Should've been caught by our QA, or myself...  Grr!

Comment 9 Mike A. Harris 2001-07-31 07:53:54 UTC
*** Bug 49944 has been marked as a duplicate of this bug. ***

Comment 10 Mike A. Harris 2001-08-02 02:29:20 UTC
*** Bug 50625 has been marked as a duplicate of this bug. ***

Comment 11 Mike A. Harris 2001-08-03 18:38:25 UTC
*** Bug 50817 has been marked as a duplicate of this bug. ***

Comment 12 Mike A. Harris 2001-08-03 18:58:32 UTC
*** Bug 50817 has been marked as a duplicate of this bug. ***

Comment 13 Jacob Killian 2001-08-03 20:01:39 UTC
Would the immediate fix be to revert to the old imap or can I just make
/etc/pam.d/pop and /etc/pam.d/imap look like the old versions?  Or, is there
another fix?

imap 4.7c2:
		auth       required     /lib/security/pam_pwdb.so shadow nullok
		account    required     /lib/security/pam_pwdb.so

		auth       required     /lib/security/pam_pwdb.so shadow nullok
		account    required     /lib/security/pam_pwdb.so

imap 2000c:

		auth       required     /lib/security/pam_stack.so service=system-auth
		account    required     /lib/security/pam_stack.so service=system-auth

		auth       required     /lib/security/pam_stack.so service=system-auth
		account    required     /lib/security/pam_stack.so service=system-auth

Jacob Killian

Comment 14 Jacob Killian 2001-08-08 16:19:19 UTC
Is there a status update on the errata for this bug?

Comment 15 Need Real Name 2001-08-16 03:05:14 UTC
I am not 100% sure, but the bug is probably related 
%define with_pamauth    0
in imap.spec
%define with_pamauth    1
may fix this problem. 
I had such problem with rawhide RPM on RedHat 6.2, 

----------- extract from imap.spec -----------
%if     %{Build_52}
%define with_krb5       0
%define with_ssl        0
%define with_ssl_cert   0
%define with_xinetd     0
%define with_pamauth    0
%define rawhide_features        0
%define release         1.5.0

Comment 16 R P Herrold 2001-09-12 18:08:29 UTC
The imap package is broken with the PAM configuration at present in such a state
that The suggested fix, manually reverting out the /etc/pam.d/pop changes to:

auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so

works for me ...


Unfortunately, the current version breaks the Microsoft Outlook Express clients,
at some versions, but not all, in authentication, and retrieving mail.  This is
a real problem in an ISP situation ...

Comment 17 Peter Hunter 2001-09-25 10:02:41 UTC
The problem comes because of the poorly-named with_pamauth variable 

- it should be with_newpamauth since the 5.2 and 6.x builds use pam but 

an older pam. 5.2 and 6.x require /etc/pam.d/{imap,pop} just as 7.x does.

The fix is simple:

--- imap.spec~  Sat Jul  7 01:41:58 2001

+++ imap.spec   Tue Sep 25 11:57:56 2001

@@ -252,10 +252,8 @@




-%if %{with_pamauth}

 %config %{_sysconfdir}/pam.d/imap

 %config %{_sysconfdir}/pam.d/pop



 %if %{with_xinetd}

 %config(noreplace) %{_sysconfdir}/xinetd.d/imap

Comment 18 R P Herrold 2001-09-28 03:28:29 UTC
Mike,  Can this be pushed into Nalin's Raw Hide PAM updates of late last week ?
-- Russ

Comment 19 Mike A. Harris 2001-09-28 21:19:37 UTC
I'd like to issue erratum for 5.2/6.2 soon.  I'll build it into
Rawhide as well.
Thanks for the reminder.

Comment 20 Mike A. Harris 2001-10-11 09:41:58 UTC
Fixed in imap-2000c-1.5.1 for Red Hat linux 5.2, and imap-2000c-1.6.1 for
Red Hat Linux 6.2.  Erratum pending release.

Comment 21 Need Real Name 2002-10-07 02:36:01 UTC
Dear mharris

I have the same problem with RH7.2 with imap-2002.RC6. What should I do ?

Note You need to log in before you can comment on or make changes to this bug.