5

I set up a server with Postfix SMTP auth through Dovecot SASL. However, it was not possible to get the PAM authentification working as standard out of the box.

So more by chance, I changed it to the shadow driver as explained in Dovecot documentation and the configuration and setup runs fine immediately.

Are there any drawbacks keeping the /etc/shadow as password database in Dovecot's config? Especially, does it impact Postfix/Dovecot/Servers's security anyhow? The documentation just says, "PAM is usually preferred" but does not explain further why.

smartmic
  • 151
  • 4

2 Answers2

0

PAM stands for Pluggable Authentication Modules. It provides a more configurable method of trusted system authentication, by using modules to extend functionality. This allows for users to be authenticated through sources other than /etc/shadow(e.x. Kerberos) and enables programs to authenticate users without being given root or read access to /etc/shadow. If you don't have PAM configured to use a source other than /etc/shadow, it is functionally the same as far as Dovecot is concerned.

vvinrg
  • 1
  • 2
-1

Could not make Dovecot working with PAM password database (passdb), Virtualmin/Usermin users keep getting error "Usermin Failed to login to IMAP server : [AUTHENTICATIONFAILED] Authentication failed."

Changing passdb driver to /etc/shadow however fixed the problem immediately.

Probably issue with Virtualmin/Dovecot is in permissions to mailbox/inbox.imap or other config files.

Rodion Bykov
  • 99
  • 2