# Howto auth Courier-Imap via PAM?

## TheButcher

Hi Folks,

I set up a mailserver with help of the virtual mailhosting guide. Everything seems to work fine, but I wanna do the courier-imap authentication via PAM.

/etc/pam.d/smtp, imap and pop3 are all the same (verified with diff). Authentication via Postfix->SASL->PAM->MySQL works flawlessly (even with crypt=1, that's why I want to auth via PAM).

But when I try to auth myself to courier-pop3/imap, authentication fails.

Even authtest fails with: 

```
# authtest -s pop3 user@domain.tld pass

Authentication FAILED: Operation not permitted
```

Damn - What operation?!

Any hints? I'm nearly switching back to Courier->MySQL instead of Courier->PAM->MySQL. But I wanna stick to PAM (for consistency's sake).

Any help is very appreciated.

----------

## TheButcher

Few files:

/etc/courier/authlib/authdaemond.conf

```
AUTHDAEMOND="authdaemond.plain"
```

/etc/courier/authlib/authdaemonrc

```
authmodulelist="authpam"
authmodulelistorig="authuserdb authpam authshadow authmysql authcustom"
daemons=2
authdaemonvar="/var/lib/courier/authdaemon"
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
```

(Strange thing: DEBUG_LOGIN=2, but I can't find any output in the logs except "LOGIN FAILED"?)

----------

## justanothergentoofanatic

 *Quote:*   

> Damn - What operation?! 

 

Access to the pop3 service. It's just a poorly-worded 'login failed' message.

 *Quote:*   

> authtest -s pop3 user@domain.tld pass

 

With PAM, you can't use the user@domain format; PAM only understands system accounts. If you use 'authtest -s pop3 user', it should work.

-Mike

----------

## TheButcher

Oh - maybe I forgot to tell you that I set up PAM to auth against MySQL's virtual hosting tables.

So I *can* use user@host.tld.

As I said before: It works just fine via sasl (testsaslauthd -u user@domain.tld -p -s smtp).

Thanks for your suggestions anyway.

----------

## j-m

 *TheButcher wrote:*   

> Oh - maybe I forgot to tell you that I set up PAM to auth against MySQL's virtual hosting tables.

And what do you have in /etc/pam.d/pop and /etc/pam.d/imap?

```
# Provided by mailbase (dont remove this line!)
# Standard pam.d file for mail service packages.
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailbase/files/common-pamd,v 1.1 2005/02/10 21:44:24 ferdy Exp $

auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

#Added for MySQL authentication
auth     optional       pam_mysql.so host=localhost db=mail user=someuser \
    passwd=hidden table=users usercolumn=email passwdcolumn=clear crypt=0
account  required       pam_mysql.so host=localhost db=mail user=someuser \
    passwd=hidden table=users usercolumn=email passwdcolumn=clear crypt=0
```

----------

## TheButcher

This one:

```
# Provided by mailbase (dont remove this line!)
# Standard pam.d file for mail service packages.
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailbase/files/common-pamd,v 1.1 2005/02/10 21:44:24 ferdy Exp $

#auth       required     pam_nologin.so
#auth       required     pam_stack.so service=system-auth
#account    required     pam_stack.so service=system-auth
#session    required     pam_stack.so service=system-auth

#Added for MySQL authentication
auth     optional       pam_mysql.so host=localhost db=mail user=someuser \
    passwd=hidden table=users usercolumn=email passwdcolumn=clear crypt=0
account  required       pam_mysql.so host=localhost db=mail user=someuser \
    passwd=hidden table=users usercolumn=email passwdcolumn=clear crypt=0
```

I've got exactly the same content in imap, pop and smtp (checked with diff!) and smtp-auth via Postfix->Saslauthd->PAM->MySQL works!

----------

## j-m

Did you emerge courier-authlib with USE="pam" ?

----------

## TheButcher

Yes, I did.

----------

## j-m

Hmm, check your MySQL log then. Are you sure that the user has correct permissions to that MySQL DB?

----------

## TheButcher

Err... how do I turn on *really* verbose logging on mysql?

----------

## j-m

 *TheButcher wrote:*   

> Err... how do I turn on *really* verbose logging on mysql?

 

Try http://dev.mysql.com/doc/mysql/en/using-log-files.html

----------

## sf_alpha

Set up /etc/pam.d/xxx (like the one above).

Make sure courier-authlib has USE="pam".

Edit /etc/courier/authlib/authdaemonrc

and set authmodulelist="authpam authuserdb authshadow authcustom"

(authpgsql and authmysql should be removed if not used.)

Try the IMAP login again with Courier verbose login (set DEBUG_LOGIN = 1 in authdaemonrc) to see if it has some errors!

----------

## TheButcher

Well, that's actually what I have done ^^

Logs just say: LOGIN FAILED

----------

## justanothergentoofanatic

Have you tried adding the 'debug' option to pam_mysql? That should tell you the username/password it is trying to use.

-Mike
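
A lint pass over a PAM service file like the one posted earlier in the thread, which also covers the `debug` option suggested above. This is an added example, not part of any post and not Courier or pam_mysql code; `SAMPLE`, `parse_pam` and `lint` are names assumed here, and the sample file is constructed from the thread's configuration.

```python
import re

# Constructed sample modelled on the service file quoted in the thread
# (stock lines commented out, pam_mysql rules added).
SAMPLE = r"""
#auth       required     pam_stack.so service=system-auth
auth     optional       pam_mysql.so host=localhost db=mail user=someuser \
    passwd=hidden table=users usercolumn=email passwdcolumn=clear crypt=0
account  required       pam_mysql.so host=localhost db=mail user=someuser \
    passwd=hidden table=users usercolumn=email passwdcolumn=clear crypt=0
"""

# type, control (plain word or [bracketed]), module, remaining arguments
RULE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam(text):
    """Return [(type, control, module, {option: value})] for each active rule."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # fold continuations
        line = line.strip()
        m = RULE.fullmatch(line)
        if not line or line.startswith("#") or not m:
            continue
        mtype, control, module, rest = m.groups()
        opts = dict(a.partition("=")[::2] for a in rest.split())
        rules.append((mtype.lower().lstrip("-"), control, module, opts))
    return rules

def lint(text):
    """Flag settings in a PAM service file that deserve a second look."""
    rules, findings = parse_pam(text), []
    auth = [r for r in rules if r[0] == "auth"]
    # An 'optional' module only decides the outcome when nothing else does.
    if auth and all(r[1] == "optional" for r in auth):
        findings.append("auth: every module is 'optional'")
    for mtype, _, module, opts in rules:
        if not module.endswith("pam_mysql.so"):
            continue
        if opts.get("crypt") in ("0", "plain"):
            findings.append(f"{mtype}: crypt=0, passwords compared as plaintext")
        if "passwd" in opts:
            findings.append(f"{mtype}: database password embedded in the file")
        if "debug" in opts:  # per the thread, debug shows the credentials tried
            findings.append(f"{mtype}: debug set, credentials may reach the logs")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

A service file that carries `passwd=` should be readable by root only, and `debug` should come back out once the login problem is found.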

----------

