Bug 38457 - PAM stack for Dovecot
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail - Dovecot
Version: UCS 4.0
Hardware: Other Linux
Importance: P5 normal
Assigned To: Daniel Tröder
QA Contact: Sönke Schwardt-Krummrich
Depends on: 38387 39317
Blocks: 34839 38883
Reported: 2015-05-06 15:35 CEST by Daniel Tröder
Modified: 2015-09-08 11:08 CEST
Description Daniel Tröder univentionstaff 2015-05-06 15:35:34 CEST
univention-mail-dovecot should install its own PAM configuration for IMAP4/POP3 login.
Comment 1 Daniel Tröder univentionstaff 2015-06-25 10:12:11 CEST
In 60838 /etc/pam.d/dovecot was added to the Dovecot integration package.
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-06-30 00:15:01 CEST
PAM stack is ok and works as expected during the tests.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2015-07-08 11:32:59 CEST
Noticed in conjunction with horde:
If the UID is used for login, the user authenticates against pam_unix in the dovecot PAM stack, which is the first entry. pam_univentionmailcyrus.so never seems to be called, so the UID is never rewritten to mailPrimaryAddress and not passed correctly to dovecot.
Since dovecot requires a mailPrimaryAddress for login, pam_unix should be removed from PAM stack "dovecot".
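The ordering problem described in comment 3, as an added example (not part of the bug report and not Univention's code): a check that lists the modules in a PAM service file that are skipped whenever an earlier module of the same type succeeds. The sample stacks are constructed, because the page does not show the real /etc/pam.d/dovecot; the `sufficient` control on pam_unix is an assumption.

```python
import re

# Constructed sample: the page does not show the real /etc/pam.d/dovecot.
# The "sufficient" flag on pam_unix and the line order are assumptions that
# mirror comment 3 (pam_unix first, the rewriting module after it).
STACK_BEFORE = """\
auth  sufficient  pam_unix.so
auth  required    pam_univentionmailcyrus.so
"""
# Same constructed stack after pam_unix was removed (comment 4).
STACK_AFTER = """\
auth  required    pam_univentionmailcyrus.so
"""

# type, control (simple keyword or [value=action ...]), module path
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def ends_stack_on_success(control):
    """True if a module with this control returns to the caller on success."""
    if control == "sufficient":
        return True
    if control.startswith("["):
        pairs = (kv.split("=", 1) for kv in control.strip("[]").split() if "=" in kv)
        return dict(pairs).get("success") == "done"
    return False


def skipped_on_success(pam_text, mgmt_type="auth"):
    """List (skipped_module, earlier_module) pairs for one management type.

    @include lines are not followed; only rules in pam_text are considered.
    """
    findings, stoppers = [], []
    for raw in pam_text.splitlines():
        rule = RULE.match(raw.split("#", 1)[0].strip())
        if not rule or rule.group(1) != mgmt_type:
            continue
        control, module = rule.group(2), rule.group(3)
        findings += [(module, earlier) for earlier in stoppers]
        if ends_stack_on_success(control):
            stoppers.append(module)
    return findings


if __name__ == "__main__":
    for name, text in (("before", STACK_BEFORE), ("after", STACK_AFTER)):
        print(name, skipped_on_success(text))
```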
Comment 4 Daniel Tröder univentionstaff 2015-07-08 12:06:34 CEST
In commit 61865 (0.0.0-54) pam_unix was removed from Dovecot's PAM stack.
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2015-07-09 01:17:27 CEST
Direct login via UID no longer possible. Login via UID still possible at horde.
Correct INBOX is used. → VERIFIED
Comment 6 Janek Walkenhorst univentionstaff 2015-07-09 18:12:16 CEST
<http://errata.univention.de/ucs/4.0/237.html>