Cannot login to Dovecot with PAM authentication anymore


#1

I run a local Dovecot server to archive my e-mails. Since recently, PAM authentication does not work anymore.

Journalctl complains that /etc/pam.d/imap is missing:

dovecot[2032]: auth-worker(2042): Error: pam(rk,127.0.0.1,<NJswDoCCrpp/AAAB>): pam_authenticate() failed: Authentication failure (/etc/pam.d/imap missing?)

So I created the file with a single line:

auth sufficient pam_unix.so

This changes the complaint in journalctl to:

dovecot[2032]: auth-worker(2042): Error: pam(rk,127.0.0.1,<rUqq5n+Ccpp/AAAB>): pam_acct_mgmt() failed: Authentication failure

My Dovecot configuration /etc/dovecot/dovecot.conf looks like this:

listen = 127.0.0.1
syslog_facility = mail
mail_location = maildir:~/Mail
ssl = no
protocol imap {
}
auth_mechanisms = plain
passdb {
	driver = pam
	args = %s
}
userdb {
	driver = passwd
}

How can I make PAM authentication work again?


#2

Create a pam file for dovecot

https://wiki.archlinux.org/index.php/Dovecot#PAM_Authentication

The new version of pam now requires it.


#3

According to the Wiki, I created the missing file with exactly these two lines copy-pasted from Wiki. Now, the systemd-journal says:

 dovecot[2210]: auth-worker(2223): Error: pam(rk,127.0.0.1,<4wueq4CCzJp/AAAB>): pam_acct_mgmt() failed: Authentication failure

I interpret this as invalid credentials (username or password wrong), but they are correct. What do I still miss about it?


#4

Another try, changed

args = %s

to

args = session=yes dovecot

yields:

Error: pam(rk,127.0.0.1,<3WXM5YCCCJt/AAAB>): pam_open_session() failed: Cannot make/remove an entry for the specified session

#5

This error looks similar to this one

https://bbs.archlinux.org/viewtopic.php?id=244119

The user changed the /etc/pam.d/dovecot to

auth     required        pam_unix.so nullok
account  required        pam_unix.so 
password  required        pam_unix.so 
session  required        pam_unix.so 

#6

Thanks, that did it.

Funnily enough, exactly in the moment you answered, I was reading

https://bbs.archlinux.org/viewtopic.php?id=166245

and wondered if I should expand my /etc/pam.d/dovecot by some lines.