[clug-talk] email authentication stopped

Gustin Johnson gustin at echostar.ca
Fri Dec 9 17:08:26 PST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

grep -r pam_unix /var/log/*

Where is PAM logging going to?

Shawn wrote:
> Thanks Hendrik.
> 
> Now that I'm done my running around this afternoon, I'll be reviewing the 
> setup from start to finish to make sure everything is correct.  But, prior to 
> getting this error, there were no upgrades - we don't have anything set to 
> happen automatically (other than backup jobs, and syncing the portage tree 
> weekly).  As for the auth module, we are doing simple shell accounts, so it 
> should be PAM authorization.  I think the the /usr/bin/checkvpw script is for 
> the vpopmail tool - which is for virtual domains/accounts.  I've used that in 
> the past, but not on this box.
> 
> Gustin, there is no /var/log/auth.log file.  Here's the /var/log directory:
> 
> ~ # ls /var/log
> analog  apache2  critical  crond  dmesg  emerge.log  everything  kernel  
> lastlog  mail  mysql  news  ntp.log  pwdfail  qmail  sandbox  sshd  telnet  
> wtmp
> 
> (we are using the metalog logging daemon).
> As you can see, the only things that might be of interest in this case is the 
> everything, mail, and pwdfail logs.  All three have similar entries about 
> login failure, but nothing that says "the problem is this...".
> 
> So, I'll basically go through from scratch and check EVERYTHING over (in terms 
> of the mail server config files at least...)
> 
> Thanks for the tips guys... much appreciated.
> 
> Shawn
> 
> On Friday 09 December 2005 16:08, Hendrik Schaink wrote:
> 
>>(Under debian) I would check if courier-authdaemon was recently
>>upgraded. It may have installed / overridden one or more of the files
>>/etc/courier/authaemonrc, /etc/courier/authmodulelist.
>>
>>The other check to make would be on the specific authorization module,
>>in my case /usr/bin/checkvpw. Does it exit / was it upgraded?
>>
>>HTH, Hendrik Schaink
>>
>>Shawn wrote:
>>
>>>I'm banging my head against the wall on this one...  One of the mail
>>>systems I take care of has been working fine for months.  Today all of a
>>>sudden, nobody can authenticate and retrieve their mail.  I checked the
>>>logs and see this:
>>>
>>>Dec  9 11:46:40 [pop3d] Connection, ip=[::ffff:68.144.188.211]
>>>Dec  9 11:46:40 [pop3d] LOGIN FAILED, user=sgrover,
>>>ip=[::ffff:68.144.188.211] Dec  9 11:46:45 [pop3d] LOGOUT,
>>>ip=[::ffff:68.144.188.211]
>>>Dec  9 11:46:45 [pop3d] Disconnected, ip=[::ffff:68.144.188.211]
>>>Dec  9 11:46:47 [pop3d] Connection, ip=[::ffff:68.144.188.211]
>>>Dec  9 11:46:47 [pop3d] LOGIN FAILED, user=sgrover,
>>>ip=[::ffff:68.144.188.211] Dec  9 11:46:52 [pop3d] LOGOUT,
>>>ip=[::ffff:68.144.188.211]
>>>Dec  9 11:46:52 [pop3d] Disconnected, ip=[::ffff:68.144.188.211]
>>>
>>>
>>>but there is not much else in the logs that is useful.
>>>
>>>The system in question is a very basic Postfix, sasl2, courier-authlib
>>>system, (using courier-imap as well to provide the pop3 services).  I've
>>>restarted each of the services and the problem persists.  I updated
>>>Postfix and courier-authlib (they were a generation or two old), and
>>>still no luck.  I am able to send mail to the server, and from a console
>>>prompt verify the mail is there waiting.  I also verified I could send
>>>mail from a console (using mutt).  But trying to connect with POP3 keeps
>>>failing login.  On a lark, I even forced a password change for one of the
>>>shell accounts in question, still no luck.
>>>
>>>So, the problem appears to be with the courier-authlib set up, but this
>>>has been working for months, and just stopped with no changes to any
>>>config files (unless I've been hacked...).  Any tips on what else I could
>>>look at? Thanks.
>>>
>>>Shawn
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>_______________________________________________
>>>clug-talk mailing list
>>>clug-talk at clug.ca
>>>http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>>>Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>>>**Please remove these lines when replying
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>_______________________________________________
>>>clug-talk mailing list
>>>clug-talk at clug.ca
>>>http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>>>Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>>>**Please remove these lines when replying
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDmiqKwRXgH3rKGfMRAiz6AJsGUp2QqLRVNeIHTpKxE7nJEKZG+wCbB/Im
CqM5Ny0VdlvXJpIKFVsxHuU=
=BwqN
-----END PGP SIGNATURE-----

More information about the clug-talk mailing list