Bug 49604 - imap: After installing the newest update, logins are refused
imap: After installing the newest update, logins are refused
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: imap (Show other bugs)
5.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
:
: 49944 50625 50817 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-21 08:41 EDT by Need Real Name
Modified: 2007-04-18 12:34 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-09-28 17:19:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-07-21 08:41:32 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2 i686; en-US; rv:0.9.1)
Gecko/20010608

Description of problem:
After installing the 5.2 errata imap-2000-2.5.i386.rpm, I can no longer
login with pop3.
I see authentication error messages if I telnet to port 110.

After reverting to the previous errata package, the problem goes away.
(imap-2000-2.5)


How reproducible:
Always

Steps to Reproduce:
1.telnet loclashost 110
2.user username
3.pass password
	

Actual Results:  I got an authentication error message.

Expected Results:  Authentication should have been successful

Additional info:

The machine is a standard RH 5.2 install, with all updates applied, except
it has kernel 2.2.14-12.
It has an old-style passwd file. (i.e. not a shadow password system).
PAM is pam-0.64-4
Comment 1 ovgray 2001-07-22 16:21:36 EDT
I have the same problem - rh5.2, patched 2.0.36 kernel, password file not 
shadowed. I can log in to pop3 server from imap-2000-2.5 just fine, but not 
with imap-2000c-1.5.0.
Comment 2 Mike A. Harris 2001-07-22 17:37:54 EDT
What specific messages do you see?  Can you cut and paste them?
Comment 3 Need Real Name 2001-07-23 07:24:33 EDT
Sorry, It was a client's machine, I can not check this now, however, as far as I
remember, it was the same message that I get when I mis-type the password.
Comment 4 Tom Diehl 2001-07-23 16:46:02 EDT
I have the same problem. Here are the messages from the log (typed by hand):
date machine ipop3d[pid]: port 110 service init ipaddress
date machine ipop3d[pid]:Login failure user=username host-hostname (ipaddress)
date machine ipop3d[pid]: AUTHENTICATE LOGIN FAILURE host=hostname (ipaddress)
date machine ipop3d{pid]: Command stream end of file while reading line user=??? host=hostname (ipaddress)

Obviously this is sanitized but the last line where it says user=??? is what is in the log. If you need more info I will be
happy to provide it.

....................Tom
Comment 5 Need Real Name 2001-07-23 20:40:47 EDT
The session goes like this:

[popserver][/tmp]$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v2000.70rh server ready
user dummy
+OK User name accepted, password please
pass xxxxxxxx
-ERR Bad login


Note that there is no pam file in the rpm (/etc/pam.d/imap and /etc/pam.d/pop).
Putting old pam files fix the problem.
Comment 6 Mike A. Harris 2001-07-24 04:18:18 EDT
Fixed in rawhide packaging, release 2000c-14.  It just needs rebuilding for
5.2/6.2.  Will test soon, and possibly update errata...
Comment 7 Tom Diehl 2001-07-24 09:37:24 EDT
Where is the rawhide srpm? I just looked and the only thing on the redhat ftp site is 2000C-13 with a date of 
21 Jul 01.
Comment 8 Mike A. Harris 2001-07-31 03:42:17 EDT
If ever you're told something is in rawhide, but it isn't, never fear.   ;o)
It is in rawhide but not sync'd yet.  Will need rebuilding in 6.2/5.2
after editing build defs at top and release #.

I plan on releasing new errata sometime, and apologize for the messup.
Should've been caught by our QA, or myself...  Grr!
Comment 9 Mike A. Harris 2001-07-31 03:53:54 EDT
*** Bug 49944 has been marked as a duplicate of this bug. ***
Comment 10 Mike A. Harris 2001-08-01 22:29:20 EDT
*** Bug 50625 has been marked as a duplicate of this bug. ***
Comment 11 Mike A. Harris 2001-08-03 14:38:25 EDT
*** Bug 50817 has been marked as a duplicate of this bug. ***
Comment 12 Mike A. Harris 2001-08-03 14:58:32 EDT
*** Bug 50817 has been marked as a duplicate of this bug. ***
Comment 13 Jacob Killian 2001-08-03 16:01:39 EDT
Would the immediate fix be to revert to the old imap or can I just make
/etc/pam.d/pop and /etc/pam.d/imap look like the old versions?  Or, is there
another fix?

imap 4.7c2:
	/etc/pam.d/pop:
		#%PAM-1.0
		auth       required     /lib/security/pam_pwdb.so shadow nullok
		account    required     /lib/security/pam_pwdb.so

	/etc/pam.d/imap:
		#%PAM-1.0
		auth       required     /lib/security/pam_pwdb.so shadow nullok
		account    required     /lib/security/pam_pwdb.so

imap 2000c:

	/etc/pam.d/pop:
		#%PAM-1.0
		auth       required     /lib/security/pam_stack.so service=system-auth
		account    required     /lib/security/pam_stack.so service=system-auth

	/etc/pam.d/imap:
		#%PAM-1.0
		auth       required     /lib/security/pam_stack.so service=system-auth
		account    required     /lib/security/pam_stack.so service=system-auth

Thanks!
Jacob Killian
Comment 14 Jacob Killian 2001-08-08 12:19:19 EDT
Is there a status update on the errata for this bug?
Comment 15 Need Real Name 2001-08-15 23:05:14 EDT
I am not 100% sure, but the bug is probably related 
to 
%define with_pamauth    0
in imap.spec
Putting 
%define with_pamauth    1
may fix this problem. 
I had such problem with rawhide RPM on RedHat 6.2, 
see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=47161

----------- extract from imap.spec -----------
%if     %{Build_52}
%define with_krb5       0
%define with_ssl        0
%define with_ssl_cert   0
%define with_xinetd     0
%define with_pamauth    0
%define rawhide_features        0
%define release         1.5.0
%endif
Comment 16 R P Herrold 2001-09-12 14:08:29 EDT
The imap package is broken with the PAM configuration at present in such a state
that The suggested fix, manually reverting out the /etc/pam.d/pop changes to:

auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so

works for me ...

=======================

Unfortunately, the current version breaks the Microsoft Outlook Express clients,
at some versions, but not all, in authentication, and retrieving mail.  This is
a real problem in an ISP situation ...

Comment 17 Peter Hunter 2001-09-25 06:02:41 EDT
The problem comes because of the poorly-named with_pamauth variable 

- it should be with_newpamauth since the 5.2 and 6.x builds use pam but 

an older pam. 5.2 and 6.x require /etc/pam.d/{imap,pop} just as 7.x does.



The fix is simple:



--- imap.spec~  Sat Jul  7 01:41:58 2001

+++ imap.spec   Tue Sep 25 11:57:56 2001

@@ -252,10 +252,8 @@

 

 %files

 %defattr(-,root,root)

-%if %{with_pamauth}

 %config %{_sysconfdir}/pam.d/imap

 %config %{_sysconfdir}/pam.d/pop

-%endif

 

 %if %{with_xinetd}

 %config(noreplace) %{_sysconfdir}/xinetd.d/imap

Comment 18 R P Herrold 2001-09-27 23:28:29 EDT
Mike,  Can this be pushed into Nalin's Raw Hide PAM updates of late last week ?
-- Russ
Comment 19 Mike A. Harris 2001-09-28 17:19:37 EDT
I'd like to issue erratum for 5.2/6.2 soon.  I'll build it into
Rawhide as well.
Thanks for the reminder.
Comment 20 Mike A. Harris 2001-10-11 05:41:58 EDT
Fixed in imap-2000c-1.5.1 for Red Hat linux 5.2, and imap-2000c-1.6.1 for
Red Hat Linux 6.2.  Erratum pending release.
Comment 21 Need Real Name 2002-10-06 22:36:01 EDT
Dear mharris

I have the same problem with RH7.2 with imap-2002.RC6. What should I do ?


Note You need to log in before you can comment on or make changes to this bug.