[CentOS] Pam problems

Thu Feb 23 15:54:29 UTC 2012
Steve Campbell <campbell at cnpapers.com>


On 2/23/2012 7:36 AM, Steve Campbell wrote:
>
> On 2/22/2012 4:31 PM, Les Mikesell wrote:
>> On Wed, Feb 22, 2012 at 2:36 PM, Steve Campbell <campbell at cnpapers.com> wrote:
>>> I'm having problems with what I think is PAM. Seems that ever since
>>> CentOS 5, proftpd has had problems using PAM, and with CentOS 6.2
>>> 64-bit, I had to quit using it altogether with proftpd.
>> Do you mean some specific PAM step listed in /etc/pam.d/proftpd fails,
>> or what?  And are you doing anything exotic there or just trying to
>> read the shadow file?  And when reading the shadow file, is SELinux
>> enabled and logging errors?
> No, nothing exotic, just a generic install of ProFTPD.
>
> On the CentOS 5 boxes, I started getting the following, but it would work:
>
>    Deprecated pam_stack module called from service "proftpd"
>    pam_succeed_if(proftpd:session): error retrieving information about user 0
>    pam_unix(proftpd:session): session closed for user XXXX
>
> I'd found tons of fixes for it, but most would mean just editing the /etc/pam.d/proftpd file or making /etc/pam.d/ftp file the same as proftpd file. Nothing was a clean fix. But logins would still work.
>
> On the CentOS 6.2 box, logins wouldn't work at all unless I removed the line requiring pam_shells.so.
>
> Now on to the big problem. In the file /etc/sasl2/Sendmail.conf I've got the line:
>
> pwcheck_method:pam
>
> I've got the certificates all fine in the sendmail.mc/cf file, I've got port 587 defined and it's showing in netstat, but when I try to create an account to access port 587 to send email through, no matter what method I use (ssh, tls, plain), I can't get an email to go through. I'm guessing that since I've got these ever-increasing problems with PAM, maybe there's something I'm overlooking in the PAM config, but I'm not aware of any problems. I just can't seem to get authenticated.
>
> I'm aware that going from CentOS 3 to CentOS 6.2 is a big jump. Fighting Dovecot for IMAP has been the biggest hurdle, and it's just recently that people have started notifying me of some of the problems of being able to relay through our server.
>
> My access file on both old and new are duplicates, so the problem isn't there. The other sendmail files are the same as well (local domains, etc).
>
> There's not a wall hard enough for me to keep banging my head against, it seems, and I'm really not getting any benefit from banging it.
>
> SELinux is off, as well as iptables and ip6tables. The firewalling is done for all servers on the network, not the individual server, and the IP of the new server took over the IP of the old server, so the firewall should still be good for all ports and services.
>
> Proftpd is not the real problem here, but the sendmail problem is causing a few calls.
>
> Thanks for any help and replies
> steve
Seems I've found that Dovecot is handling the auth for SMTP, and it
doesn't like sendmail very much since their documentation avoids
sendmail like the plague.

I sure wish CentOS/RH had left something for us so that I wouldn't have
to learn Dovecot, Postfix and all the other stuff. The original tests I
ran seemed to handle most of the stuff normally, but now users are
calling and complaining and there's not a lot I can do but forge ahead.

Not happy, but it's my own fault.

Thanks for the help

steve