Auth/system-auth & POP3 daemon
Brian Chabot
brian at datasquire.net
Tue Aug 24 15:54:01 EDT 2004
Kevin D. Clark wrote:
> Are your PAM settings doing this? What does /etc/pam.d/pop and
> /etc/pam.d/system-auth look like?
pop just calls system-auth
system-auth has the following:
===============
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
================
> Do you have a (possibly stateless) firewall on the WAN side that filters out TCP
> SYNs from "non-standard" ports like TCP port 113?
I checked the firewall and it's only set to drop malformed packets and
MyDoom port 3127.
> Does your iptables setup on the POP3 server drop the incoming SYN/ACK
> segments that result from the initial TCP SYN? What happens when you
> temporarily disable these?
ipchains does not drop any packets (yet... it isn't even configured yet...)
I've tried disabling the following line from /etc/xinetd.d/ipop3:
log_on_success += USERID
Now I'm not seeing any connection attempts to port 113 at all. I've
emailed the user to see if he still sees the delay.
I'd rather have auth working, but if I have to disable it completely, so
be it.
Brian
--
---------------------------------------------------------------
| brian at datasquire.net http://www.hirebrian.net |
| Simply the Best IT/MIS Manager |
| Self-taught, Fast Learner, and Team Player |
| Ready to Start TODAY at Your Company. |
---------------------------------------------------------------
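The message above ties the port 113 connections to the xinetd `USERID` log flag, which makes xinetd query the client's ident service (RFC 1413) on each connection. As an added example, not part of the original post: a Python check that resolves `=`, `+=` and `-=` against the `defaults` section and lists the services whose effective log flags still include `USERID`. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample, not taken from the post: a defaults section and two services.
SAMPLE = """\
defaults
{
    log_on_success = HOST PID
}
service pop3
{
    log_on_success += USERID
}
service imap
{
    log_on_success -= PID
}
"""

LOG_ATTRS = ("log_on_success", "log_on_failure")
BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)
ASSIGN = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def apply_block(body, base):
    """Apply one block's =, += and -= lines on top of the inherited flag sets."""
    flags = {attr: set(base.get(attr, ())) for attr in LOG_ATTRS}
    for line in body.splitlines():
        m = ASSIGN.match(line.split("#", 1)[0])  # ignore trailing comments
        if m and m.group(1) in LOG_ATTRS:
            attr, op, values = m.group(1), m.group(2), set(m.group(3).split())
            if op == "=":
                flags[attr] = values
            else:  # "+=" adds flags, "-=" removes them
                flags[attr] = flags[attr] | values if op == "+=" else flags[attr] - values
    return flags

def services_using_ident(text):
    """Map service name -> log attributes whose effective flags include USERID."""
    blocks = [(m.group(2), m.group(3)) for m in BLOCK.finditer(text)]
    defaults = {}
    for body in (b for n, b in blocks if n is None):  # the "defaults" section
        defaults = apply_block(body, defaults)
    hits = {}
    for name, body in ((n, b) for n, b in blocks if n is not None):
        flags = apply_block(body, defaults)
        attrs = [a for a in LOG_ATTRS if "USERID" in flags[a]]
        if attrs:
            hits[name] = attrs
    return hits
```

Pass it the concatenated text of /etc/xinetd.conf and the files under /etc/xinetd.d/ so that the `defaults` section is evaluated together with each service.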