adelton / mod_authnz_pam

Apache module to run PAM authorization on result of other module's authentication; also full Basic Auth PAM provider.
https://www.adelton.com/apache/mod_authnz_pam/
Apache License 2.0

Cannot make it to authenticate users #9

Closed lejeczek closed 5 years ago

lejeczek commented 5 years ago

Hi, I'm trying to set up simple basic auth:

<Location /svnpam>
    DirectoryIndex disabled
    DAV svn
    ForceType text/plain
    SVNReposName "svn pam"
    SVNPath /__.aLocalStorage/vol.1/var/www/svnrepo
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None

    AuthType Basic
    AuthName "svn pam"
    AuthBasicProvider PAM
    AuthPAMService dovecot

    <RequireAny>
      Require valid-user
    </RequireAny>
</Location>

You can see I'm trying to use Dovecot's PAM; I'd guess most of those preconfigured configs should do. When I get prompted for user/pass it fails: ... check pass; user unknown password check failed for user (me) pam_unix(dovecot:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost=10.3.1.21 user=me ...

My users are in passwd/shadow. Would appreciate any light shed on possible problem(s). Many thanks, L.

schnitzi99 commented 5 years ago

Hi, what user is UID / GID 48 on your system? AFAIK PAM is operating with the UID/GID of the daemon that calls it (in this case apache?). So the apache user might be lacking sufficient access rights to /etc/pam.d/dovecot or something downstream in your PAM process (i.e. some PAM modules you included in your /etc/pam.d/dovecot).

In my case pam_abl, as a component of my authentication procedure, had a problem with file access to its database files: pam_abl was first called with the apache user (and created its database) and the dovecot user couldn't access these database files --> authentication failed

Could be something similar in your scenario.

Best regards, Schnitzi

adelton commented 5 years ago

I agree -- if the users are in /etc/passwd / /etc/shadow, uid 48 will not be able to read that /etc/shadow.

@lejeczek, can you show your /etc/pam.d/dovecot?
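A small diagnostic, added here and not part of the issue or of the mod_authnz_pam project, that applies the point made in the two comments above: it checks whether the daemon uid (48 in the log) can read /etc/shadow and /etc/pam.d/dovecot under ordinary owner/group/other permissions. The two file names and the `apache` account name are assumptions; the shadow-like fixture file is constructed for offline testing.

```python
import os
import pwd
import grp
import stat
import sys
import tempfile

# Constructed diagnostic, not part of mod_authnz_pam. These are the files the
# "dovecot" PAM stack from the issue must read to verify a /etc/shadow password.
PAM_TARGETS = ("/etc/shadow", "/etc/pam.d/dovecot")

def can_read(path, uid, gids):
    """True if a process running as uid with group set gids may read path.
    Mirrors the kernel's owner/group/other check; uid 0 bypasses it."""
    if uid == 0:
        return True
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def group_set(uid):
    """Primary plus supplementary gids of the account that owns uid."""
    pw = pwd.getpwuid(uid)
    return {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem}

def unreadable(uid, gids, paths=PAM_TARGETS):
    """Paths the daemon cannot read; a missing file counts as unreadable too."""
    return [p for p in paths if not os.path.exists(p) or not can_read(p, uid, gids)]

def shadow_fixture():
    """Constructed stand-in for /etc/shadow (mode 0640, no read bit for others)."""
    path = os.path.join(tempfile.mkdtemp(), "shadow")
    with open(path, "w") as fh:
        fh.write("me:$6$constructed$nothing:19000:0:99999:7:::\n")  # fake entry
    os.chmod(path, 0o640)
    return path

if __name__ == "__main__":
    # Usage: python3 pamcheck.py [daemon-user]; defaults to "apache" (uid 48 above)
    name = sys.argv[1] if len(sys.argv) > 1 else "apache"
    uid = pwd.getpwnam(name).pw_uid
    for p in unreadable(uid, group_set(uid)):
        print(f"{name} (uid {uid}) cannot read {p}: pam_unix will fail there")
```

Run it as root on the affected host; an empty result means the permission theory does not explain the failure and the /etc/pam.d/dovecot stack itself needs a look.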

adelton commented 5 years ago

@lejeczek, can we agree that this is the same case as https://bugzilla.redhat.com/show_bug.cgi?id=1666334 and so can be closed as NOTABUG?