[Bug 331683] New: ipop3d (imap package) produces PAM error on checking email
https://bugzilla.novell.com/show_bug.cgi?id=331683 Summary: ipop3d (imap package) produces PAM error on checking email Product: openSUSE 10.3 Version: Final Platform: x86-64 OS/Version: openSUSE 10.3 Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: joe_morris@ntm.org QAContact: qa@suse.de CC: kukuk@novell.com Found By: --- Upgraded from 10.2. Everytime I pop email, there is a PAM error (audit_log_acct_message() failed: Operation not permitted. Everything still works though, just lots of error messages in the log. It appears to be related to a recent change in the pam package. Not sure if the fix would be a change in /etc/pam.d/pop, or something in the pam code. CC'ing Thorsten Kukuk as I figure he knows the answer immediately. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683#c1
--- Comment #1 from Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=331683#c2
--- Comment #2 from Joe Morris
https://bugzilla.novell.com/show_bug.cgi?id=331683
Mark Gordon
https://bugzilla.novell.com/show_bug.cgi?id=331683#c3
Sierk Bornemann
https://bugzilla.novell.com/show_bug.cgi?id=331683#c4
--- Comment #4 from Joe Morris
https://bugzilla.novell.com/show_bug.cgi?id=331683
User suse-beta@cboltz.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c5
Christian Boltz
I am not too sure now that the problem is with the uw imap package. I sure seems to be a PAM problem. I am seeing the same error for sshd. Nov 6 17:46:48 server sshd[10109]: PAM audit_log_acct_message() failed: Operation not permitted
The error with sshd is handled in bug 334559
I also see this, not sure it is the same but maybe: Nov 6 14:05:46 server sudo: pam_unix2(sudo:auth): conversation failed
Sounds like a different error to me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683
User drankinatty@suddenlinkmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c6
David Rankin
https://bugzilla.novell.com/show_bug.cgi?id=331683
User joe_morris@ntm.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c7
--- Comment #7 from Joe Morris
https://bugzilla.novell.com/show_bug.cgi?id=331683
User kukuk@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c8
--- Comment #8 from Thorsten Kukuk
This is the same error message, but sshd instead of imapd. That is why I think it may be PAM.
No, this has nothing to do with PAM. The sshd messages are a bug in sshd, which was fixed meanwhile, but I don't know if it is released as maintenance update yet. This message means, that the application is calling a PAM function with the wrong privileges. In the most cases, this happens, if the application drops root privileges and than calls a PAM function. If authentication does not work and you see this PAM message, than most likely imapd is running with the wrong privileges and thus is not able to retrieve the user passwords from /etc/shadow for user authentication. But this is no PAM problem, PAM is not able to solve or workaround that, and there was no changes in this regard in PAM. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683
User drankinatty@suddenlinkmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c9
--- Comment #9 from David Rankin
https://bugzilla.novell.com/show_bug.cgi?id=331683
User drankinatty@suddenlinkmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c10
--- Comment #10 from David Rankin
https://bugzilla.novell.com/show_bug.cgi?id=331683
User kukuk@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c11
--- Comment #11 from Thorsten Kukuk
How then did Yast screw up the imapd user privilege with a simple Yast install of imap?
Why do you always assume that this bug must be somewhere else and cannot be a simple imap bug? There was a imap version update, too.
Second, where is the user for imapd controlled so we can take a look and tell if that is the problem?
Look at the imapd sources.
I have run many servers since SuSE 8.0 and I have never seen such PAM strangeness before.
*ROTFL* Do you really think bugs has to be in a piece of software with SuSE Linux 8.0 already and cannot be introduced later? Between, even with SuSE Linux 8.0 there were such bugs, but you would not have seen them with such an error message, since no audit support exist at that time, its pretty new. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683
User kukuk@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c12
--- Comment #12 from Thorsten Kukuk
I don't know how it can be an imap problem if PAM is saying that root cannot perform an operation while running imapd
I never wrote that imapd is not running as root, I wrote that imapd is calling PAM functions without root privileges. That's a big difference. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683
User drankinatty@suddenlinkmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c13
--- Comment #13 from David Rankin
https://bugzilla.novell.com/show_bug.cgi?id=331683
User drankinatty@suddenlinkmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c14
--- Comment #14 from David Rankin
https://bugzilla.novell.com/show_bug.cgi?id=331683
Hendrik Vogelsang
https://bugzilla.novell.com/show_bug.cgi?id=331683
User hvogel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=331683#c17
Hendrik Vogelsang
participants (1)
-
bugzilla_noreply@novell.com