search

wdoekes / pam-imap

pam-imap 0.3.9 - PAM module that authenticates a user login against a remote IMAP(S) server.
GNU General Public License v2.0
7 stars 3 forks source link

Can't make it work [Solved] #1

Closed Dacha204 closed 7 years ago

Dacha204 commented 7 years ago

I managed to compile it, but can't make it work.

What I've done:

  1. Copy pam_imap.so to /lib/x86_64-linux-gnu/security/pam_imap.so

  2. Copy pam_imap.conf to /etc/pam.d/pam_imap.conf

  3. Changed variables in pam_imap.conf:

    CertificateFile /etc/ssl/certs/imapd.pem PAM_Server0 = imaps:imap.gmail.com:993 PAM_Domain = gmail.com

  4. Created check_user in /etc/pam.d/ folder:

    auth required /lib/x86_64-linux-gnu/security/pam_imap.so conf=/etc/pam.d/pam_imap.conf auth requisite pam_deny.so auth required pam_permit.so @include common-account @include common-password @include common-session

  5. Generated imapd.pem in /etc/ssl/certs/imapd.pem using openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 3650 -nodes -out /etc/ssl/certs/imapd.pem -keyout /etc/ssl/private/imapd.pem

Then I tried _checkuser utility and failed. /var/log/auth.log inspection shows:

Aug 15 09:03:26 ht-devsrv check_user: PAM unable to dlopen(/lib/x86_64-linux-gnu/security/pamimap.so): /lib/x86 64-linux-gnu/security/pam_imap.so: undefined symbol: ASN1_TIME_print Aug 15 09:03:26 ht-devsrv check_user: PAM adding faulty module: /lib/x86_64-linux-gnu/security/pam_imap.so

Also tried to play with /etc/pam.d/sshd, but then i got this error in auth.log:

Aug 15 09:38:40 ht-devsrv sshd[39056]: PAM unable to dlopen(/lib/x86_64-linux-gnu/security/pam_imap.so): /lib/x86 _64-linux-gnu/security/pam_imap.so: undefined symbol: SSL_get_error Aug 15 09:38:40 ht-devsrv sshd[39056]: PAM adding faulty module: /lib/x86_64-linux-gnu/security/pam_imap.so

Working config examples would be very helpful. Distro: Ubuntu Server 16.04.3 LTS

Dacha204 commented 7 years ago

I managed to make it work on Ubuntu 16.04. Check: https://github.com/Dacha204/pam-imap

wdoekes commented 7 years ago

Thanks for your fixes. I adapted your build-step fixes and committed them.

Please try the latest version and see if it works for you.

I'll try to merge some of your other commits too, but not right now :)

wdoekes commented 7 years ago

Ok. I think I fixed the important stuff.

If you want your documentation additions/changes merged, please file a PR for those changes. Thanks!

Dacha204 commented 7 years ago

It works now :+1:

wdoekes commented 7 years ago

TY for confirming.