[Bug 331683] New: ipop3d (imap package) produces PAM error on checking email
https://bugzilla.novell.com/show_bug.cgi?id=331683 Summary: ipop3d (imap package) produces PAM error on checking email Product: openSUSE 10.3 Version: Final Platform: x86-64 OS/Version: openSUSE 10.3 Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: joe_morris@ntm.org QAContact: qa@suse.de CC: kukuk@novell.com Found By: --- Upgraded from 10.2. Everytime I pop email, there is a PAM error (audit_log_acct_message() failed: Operation not permitted. Everything still works though, just lots of error messages in the log. It appears to be related to a recent change in the pam package. Not sure if the fix would be a change in /etc/pam.d/pop, or something in the pam code. CC'ing Thorsten Kukuk as I figure he knows the answer immediately. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683#c1 --- Comment #1 from Thorsten Kukuk <kukuk@novell.com> 2007-10-08 02:15:31 MST --- That's a libaudit message. Sounds like your pop daemon is doing authentification as normal user, not as root (which violates PAM specification) and thus libaudit is not allowed to write to audit daemon. If you did not saw this with 10.2, you had no audit daemon running or ipop3d did the authentication correct. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683#c2 --- Comment #2 from Joe Morris <joe_morris@ntm.org> 2007-10-08 06:52:55 MST --- Given that I did have auditd running in 10.2, I will assume the problem must be with the uw imap package. I did have an apparmor profile for ipop3d, but had it in complain, so I do not think that is the problem. To test, I went ahead and installed dovecot. After getting it configured, it is working without any problems, so I guess I will switch. I did check via openssl s_client with KDE system Guard open to check the user. When I connected to it was running as root, after I logged in it was running as my user. After what you wrote, I decided if ipop3d does not authenticate correctly now, it may be time to try out dovecot. Thanks for your feedback. I assume then this is a bug in uw imap package. It did work correctly in 10.2, at least there were no errors like there is now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 Mark Gordon <mtgordon@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtgordon@novell.com AssignedTo|bnc-team-screening@forge.provo.novell.com |mskibbe@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683#c3 Sierk Bornemann <sierkb@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sierkb@gmx.de --- Comment #3 from Sierk Bornemann <sierkb@gmx.de> 2007-11-06 20:03:41 MST --- I have this error message too flooding /var/log/messages, every time my IMAP client polls my UW IMAP server, independently of audit daemon running or not: imapd[12345]: PAM audit_log_acct_message() failed: Operation not permitted -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683#c4 --- Comment #4 from Joe Morris <joe_morris@ntm.org> 2007-11-07 03:08:52 MST --- I am not too sure now that the problem is with the uw imap package. I sure seems to be a PAM problem. I am seeing the same error for sshd. Nov 6 17:46:48 server sshd[10109]: PAM audit_log_acct_message() failed: Operation not permitted I also see this, not sure it is the same but maybe: Nov 6 14:05:46 server sudo: pam_unix2(sudo:auth): conversation failed These are errors on machines that ran fine with 10.2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User suse-beta@cboltz.de added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c5 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de --- Comment #5 from Christian Boltz <suse-beta@cboltz.de> 2007-12-09 14:34:32 MST --- (In reply to comment #4 from Joe Morris)
I am not too sure now that the problem is with the uw imap package. I sure seems to be a PAM problem. I am seeing the same error for sshd. Nov 6 17:46:48 server sshd[10109]: PAM audit_log_acct_message() failed: Operation not permitted
The error with sshd is handled in bug 334559
I also see this, not sure it is the same but maybe: Nov 6 14:05:46 server sudo: pam_unix2(sudo:auth): conversation failed
Sounds like a different error to me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User drankinatty@suddenlinkmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c6 David Rankin <drankinatty@suddenlinkmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |drankinatty@suddenlinkmail.com --- Comment #6 from David Rankin <drankinatty@suddenlinkmail.com> 2008-01-08 22:56:31 MST --- I too am struck with the PAM audit_log_acct_message() error: A fresh svn squirrelmail install on opensuse 10.3 with wu imap. I am receiving a very strange error when replying to messages. The error is: ERROR: ERROR: Connection dropped by IMAP server. Query: SELECT "INBOX" A screenshot is available at: http://www.rankinlawfirm.com/download/screenshots/sqmail/sqmailError_ConnDro... The reply "IS" sent successfully and sqmail seems to be functioning normally otherwise. While the imap transaction is underway, the following error is generated in /var/log/messages. There are multiple identical errors: Jan 7 15:44:35 bonza imapd[19416]: PAM audit_log_acct_message() failed: Operation not permitted. Searching, I think it is related to the uw imap disabling of plain text passwords. However, the same behavior occurs with plaintext is enabled in /etc/c-client.cf with "set disable-plaintext 0". Editing c-client.cf with the above does allow login on port 143 and setting "Secure IMAP (TLS)" to false in conf.pl, but the same error shown in the screenshot occurs when replying to mail. Any help or direction to more documentation would be appreciated. If I can run any more tests to help or provide any more information, just let me know and I will be glad to comply. P.S. - the problem exists on both version 1.4.14 and 1.5.2-dev. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User joe_morris@ntm.org added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c7 --- Comment #7 from Joe Morris <joe_morris@ntm.org> 2008-01-09 04:43:55 MST --- I am pretty sure it has nothing to the disabling of plaintext passwords. That happened back in 8.2's version. UW imap has not changed that much I suspect since 10.2, where it worked fine. I never tried the 10.2 version in 10.3 to verify (I switched to dovecot), but seeing the same error with other apps, I believe the problem lies in PAM, i.e. Jan 7 17:38:31 server sshd[9395]: PAM audit_log_acct_message() failed: Operation not permitted Jan 7 18:58:13 server sshd[10824]: PAM audit_log_acct_message() failed: Operation not permitted Jan 7 19:26:39 server sshd[11387]: PAM audit_log_acct_message() failed: Operation not permitted Jan 7 19:35:22 server sshd[11572]: PAM audit_log_acct_message() failed: Operation not permitted Jan 7 19:41:30 server sshd[12104]: PAM audit_log_acct_message() failed: Operation not permitted Jan 7 19:47:51 server sshd[12262]: PAM audit_log_acct_message() failed: Operation not permitted This is the same error message, but sshd instead of imapd. That is why I think it may be PAM. But I am sure it is not the switch to no plain text passwords, since that happened before 8.2, and was the same in 10.2 when there were no such errors. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User kukuk@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c8 --- Comment #8 from Thorsten Kukuk <kukuk@novell.com> 2008-01-09 05:44:35 MST --- (In reply to comment #7 from Joe Morris)
This is the same error message, but sshd instead of imapd. That is why I think it may be PAM.
No, this has nothing to do with PAM. The sshd messages are a bug in sshd, which was fixed meanwhile, but I don't know if it is released as maintenance update yet. This message means, that the application is calling a PAM function with the wrong privileges. In the most cases, this happens, if the application drops root privileges and than calls a PAM function. If authentication does not work and you see this PAM message, than most likely imapd is running with the wrong privileges and thus is not able to retrieve the user passwords from /etc/shadow for user authentication. But this is no PAM problem, PAM is not able to solve or workaround that, and there was no changes in this regard in PAM. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User drankinatty@suddenlinkmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c9 --- Comment #9 from David Rankin <drankinatty@suddenlinkmail.com> 2008-01-09 19:22:28 MST --- Well if it has nothing to do with PAM, How then did Yast screw up the imapd user privilege with a simple Yast install of imap? Second, where is the user for imapd controlled so we can take a look and tell if that is the problem? I have run many servers since SuSE 8.0 and I have never seen such PAM strangeness before. Is there anything I can post that will help shed some light on the situation? I am more than happy to provide any information/logs/test etc.. that will help. I have 1659 of these errors in the past couple of days affecting *both* imapd and sshd: root@bonza:/home/david # grep PAM /var/log/messages > linux/pam_error root@bonza:/home/david # less linux/pam_error < BIG snip > Jan 9 18:00:01 bonza imapd[14318]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 18:00:01 bonza imapd[14319]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 18:00:01 bonza imapd[14320]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 19:00:01 bonza imapd[15253]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 19:00:01 bonza imapd[15255]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 19:00:01 bonza imapd[15256]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 19:20:35 bonza sshd[14788]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 20:00:01 bonza imapd[16200]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 20:00:01 bonza imapd[16219]: PAM audit_log_acct_message() failed: Operation not permitted Jan 9 20:00:01 bonza imapd[16220]: PAM audit_log_acct_message() failed: Operation not permitted linux/pam_error lines 1607-1659/1659 (END) Let me know, I'm glad to help. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User drankinatty@suddenlinkmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c10 --- Comment #10 from David Rankin <drankinatty@suddenlinkmail.com> 2008-01-09 19:40:44 MST --- Currently Yast shows: Status│Service │Type │Protocol│Wait│User │Server On │imap │stream│ tcp │No │root │/usr/sbin/imapd I don't know how it can be an imap problem if PAM is saying that root cannot perform an operation while running imapd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User kukuk@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c11 --- Comment #11 from Thorsten Kukuk <kukuk@novell.com> 2008-01-10 00:08:23 MST --- (In reply to comment #9 from David Rankin)
How then did Yast screw up the imapd user privilege with a simple Yast install of imap?
Why do you always assume that this bug must be somewhere else and cannot be a simple imap bug? There was a imap version update, too.
Second, where is the user for imapd controlled so we can take a look and tell if that is the problem?
Look at the imapd sources.
I have run many servers since SuSE 8.0 and I have never seen such PAM strangeness before.
*ROTFL* Do you really think bugs has to be in a piece of software with SuSE Linux 8.0 already and cannot be introduced later? Between, even with SuSE Linux 8.0 there were such bugs, but you would not have seen them with such an error message, since no audit support exist at that time, its pretty new. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User kukuk@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c12 --- Comment #12 from Thorsten Kukuk <kukuk@novell.com> 2008-01-10 00:10:11 MST --- (In reply to comment #10 from David Rankin)
I don't know how it can be an imap problem if PAM is saying that root cannot perform an operation while running imapd
I never wrote that imapd is not running as root, I wrote that imapd is calling PAM functions without root privileges. That's a big difference. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User drankinatty@suddenlinkmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c13 --- Comment #13 from David Rankin <drankinatty@suddenlinkmail.com> 2008-01-10 00:48:17 MST --- I think I have the latest rpms installed. Here is what is on my system: imap-2006c1_suse-51 imap-lib-2006c1_suse-51 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User drankinatty@suddenlinkmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c14 --- Comment #14 from David Rankin <drankinatty@suddenlinkmail.com> 2008-01-15 21:16:07 MST --- Please see the latest posts for the probably related bug 353252: The error also occurs on i386. The tests I have run reveal the error is first caused by fetchmail authenticating against UW imap with a self-signed certificate which succeeds and produces the imapd PAM error and then the error repeats for any subsequent imap folder access regardless whether it is from fetchmail or not. Over time this leads to a kernel melt-down. https://bugzilla.novell.com/show_bug.cgi?id=353252 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 Hendrik Vogelsang <hvogel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=331683 User hvogel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=331683#c17 Hendrik Vogelsang <hvogel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX --- Comment #17 from Hendrik Vogelsang <hvogel@novell.com> 2008-07-01 05:58:25 MDT --- Please try with 11.0 and reopen if this still hapenns. I seriously recommend to switch to a modern imap server like dovecot, cyrus or courier. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com