Re: [exim] Dovecot authenticator always fails if in first at…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Eduardo M KALINOWSKI
CC: exim-users
Subject: Re: [exim] Dovecot authenticator always fails if in first attemptwrong password is given
On 2008-09-12 at 09:52 -0300, Eduardo M KALINOWSKI wrote:
> Tony Finch escreveu:
> > What do the dovecot logs say?
>
> dovecot: 2008-09-12 09:47:48 Error: auth-worker(default):
> pam(test.com.br,127.0.0.1): pam_authenticate() failed: User not known to
> the underlying authentication module
> dovecot: 2008-09-12 09:48:03 Error: auth(default): BUG: Authentication
> client gave a PID 21989 of existing connection


This is the problem fixed in CVS, the one I drew attention to. Cool, I
was actually right. ;-)

http://bugs.exim.org/show_bug.cgi?id=667

> 21989 AUTH      890     PLAIN   service=smtp    secured rip=127.0.0.1  
> lip=127.0.0.1   resp=AHRlc3QuY29tLmJyAGFhYWEA


I'm very glad you used test data there instead of real data. :)

> It appears to be a problem on how exim talks to the authenticating
> program. Since Phil mentioned changes in version 4.69, I might try to
> upgrade exim, unless someone has any other ideas.


The changes were made *after* 4.69. They will be in 4.70 when 4.70 is
released.

There have been multiple improvements to Dovecot. But below is the fix
which Nigel Metheringham committed to CVS to fix this particular
problem; this should apply cleanly to 4.68.

-Phil

Index: src/auths/dovecot.c
===================================================================
RCS file: /repo/exim/exim-src/src/auths/dovecot.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -p -u -r1.8 -r1.9
--- src/auths/dovecot.c    18 Jan 2008 12:23:26 -0000    1.8
+++ src/auths/dovecot.c    6 Feb 2008 12:44:59 -0000    1.9
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/auths/dovecot.c,v 1.8 2008/01/18 12:23:26 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/auths/dovecot.c,v 1.9 2008/02/06 12:44:59 nm4 Exp $ */


 /*
  * Copyright (c) 2004 Andrey Panin <pazke@???>
@@ -369,6 +369,9 @@ int auth_dovecot_server(auth_instance *a
        }


 out:
+       /* close the socket used by dovecot */
+       if (fd >= 0)
+              close(fd);


        /* Expand server_condition as an authorization check */
        return (ret == OK)? auth_check_serv_cond(ablock) : ret;