Moving to Apps & DEs.
]]>https://wiki.archlinux.org/index.php/Co … _hijacking
As Gene's issue seems to be resolved and pambase-20190105.1 is now in [core], I am going to take this opportunity to close this thread.
]]>pactree -ld1 -r pam | sed 1d | xargs -rtn1 pkgfile -l |& egrep $'\t''/etc/pam\.d/.|^pkgfile'
]]>The next trial was to remove the bottom 2 lines and that works fine.
The final result is that /etc/pam.d/smtp
#%PAM-1.0
auth required pam_unix.so
account required pam_unix.so
auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
As for a warning about the "other" file, you really never should have been relying on it in the first place:
Like the example of sshd, any pam-aware application is required to install its policy to /etc/pam.d in order to integrate and rely on the PAM stack appropriately. If an application fails to do it, the /etc/pam.d/other policy is applied per default. A permissive policy for it is installed per default (FS#48650).
Also see the linked issue with the new change you are referring to fixed.
]]>Now what about postfix - I found no similar pam info on the wiki for postfix - do you know what would be needed for that? Same as for dovecot only in a file named what - smtp, smtpd, postfix?
Also if this might break running systems it might help if there was a warning on this update. It certainly came as a surprise to me and others may be similarly caught unawares.
Also, please edit your post to add code tags around commands and output (which would avoid the proble you had with square brackets).
]]>The problem stems from change to:
/etc/pam.d/other
which replaced
password required pam_unix.so
with
password required pam_deny.so
Does this mean that things like dovecot and postfix need to have explicit additional files in /etc/pam.d so that email authentication work without relying on the catch all "other" file? This was the only change I could find for the pambase package.
Logs say:
saslauthd[22214]: pam_warn(smtp:auth): function=[pam_sm_authenticate] flags=0x8000 service=[smtp] terminal=[<unknown>] user=[lists] ruser=[<unknown>] rhost=[<unknown>]
saslauthd[22214]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
saslauthd[22214]: do_auth : auth failure: [user=lists] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
postfix[] : warning: SASL authentication failure: Password verification failed
[1] I also email arch general with same info as I was unable to find email address to reach the packager (Dave Reisner)
]]>