Fixing dovecot authentication so that pop3 authentication doesn't hang

From Nearline Storage
Jump to: navigation, search

When the fingerprint reader is enabled and pam's system-auth file has been configured to call pam_bioapi.so to do authentication then dovecot will try to use the fingerprint reader every time someone wants to login. You won't see then fingerprint reader prompt because the dovecot userid is authorized to use it. Logins will just fail after a long wait.

You need to modify the /etc/pam.d/dovecot file that's installed from the RPM so that is doesn't use the fingerprint reader. I used the instructions for setting up ssh so that it doesn't use the reader found at ThinkWiki.org

#%PAM-1.0
# auth       required     pam_nologin.so
# auth       required     pam_stack.so service=system-auth
# account    required     pam_stack.so service=system-auth
# session    required     pam_stack.so service=system-auth
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so