Univention Bugzilla – Bug 38457
PAM stack for Dovecot
Last modified: 2015-09-08 11:08:22 CEST
univention-mail-dovecot should install its own pam configuration for IMAP4/POP3 login.
In 60838 /etc/pam.d/dovecot was added to the Dovecot integration package.
PAM stack is ok and works as expected during the tests.
Noticed in conjunction with horde: if the UID is used for login, the user authenticates against pam_unix in the dovecot PAM stack, which is the first entry. pam_univentionmailcyrus.so seems to be never called, so the UID is never rewritten to mailPrimaryAddress and not passed correctly to dovecot. Since dovecot requires a mailPrimaryAddress for login, pam_unix should be removed from PAM stack "dovecot".
In commit 61865 (0.0.0-54) pam_unix was removed from Dovecots PAM stack.
Direct login via UID no longer possible. Login via UID still possible at horde. Correct INBOX is used. → VERIFIED
<http://errata.univention.de/ucs/4.0/237.html>