PAM + Dovecot problem

2017-01-02T14:46:41+01:00

I have set up pam SSH authentication using yubikey-pam lib and for SSH it works fine (and for sudo too). Since pam module is called by pam-common, yunikey auth is also required for accessing IMAP account and I can't get this to work. The IMAP server is dovecot (debian) and pam-yubikey logs show that there's curl error:

Code:

Jan  2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(990)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
Jan  2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(997)] OTP: REDACTED ID: REDACTED
Jan  2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1012)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
Jan  2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (109): Error performing curl
Jan  2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1091)] done. [Authentication service cannot retrieve authentication info]

I tried giving both dovecot users real shell (system dovecot accounts have /bin/false as shell) but it doesn't work. I'm out of ideas.

Statistics: Posted by plum — Mon Jan 02, 2017 2:46 pm

Yubico Forum

PAM + Dovecot problem