Using imapd without shell-access?
Hi friends, could you please help me? I fumbled around for some time now, looked at the imapd sources and searched the net but could not solve the following problem: When I call imapd for a user with a normal shell account (e.g. the shell is /bin/bash for that user), imap-access is doing fine. But when I use a dummy shell for the same user (say /bin/false or similiar) imapd refuses to login with the syslog-message ... imapd[27691]: Login failure user=blah host=blah ... Any hint or idea? Anybody using imapd for users without shells? Or are you doing it within chroot environments only? I'm well aware, that the IMAP-protocoll gives the user some sort of shell on the system. But I would like to understand how (and where) imapd is using the normal user's shell in addition to it's own system-access. Thanks for your help Michael BTW the system is a SuSE 8.0 with imap-2000c-139 -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
Ooops, sorry. That imap-problem is not caused by the shell, but by MD5 passwords on the NO LOGIN accounts. Have to take a closer look. Michael -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
* Michael Zimmermann wrote on Sun, Aug 11, 2002 at 20:52 +0200:
is doing fine. But when I use a dummy shell for the same user (say /bin/false or similiar) imapd refuses to login with the syslog-message
Maybe imapd checks /etc/shells and wants to find /bin/false in it? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Sunday 11 August 2002 21:45 Steffen Dettmer wrote:
Maybe imapd checks /etc/shells and wants to find /bin/false in it?
No Steffen, I made an error in my analysis. The real reason of being unable to login had to do with MD5-Passwords on that accounts. Somehow (I think) PAM is unable to handle MD5 passwords correctly with certain applications. Could be, there was a PAM-interface-change and not all apps are using the right PAM-Interface (?) or something like that. I don't know, but I avoided the problem by switching to cram-md5 authentication instead of PAM. Greetings Michael - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9V3MD72vu22ltWBERArY7AJ4xSiOquH/b8twixySZ/aDJoN1+DgCfde/h pwkRU05WlBRNRT+dEdWB+n0= =2FW0 -----END PGP SIGNATURE-----
participants (2)
-
Michael Zimmermann
-
Steffen Dettmer