5

I set up a server with Postfix SMTP auth through Dovecot SASL. However, it was not possible to get the PAM authentification working as standard out of the box.

So more by chance, I changed it to the shadow driver as explained in Dovecot documentation and the configuration and setup runs fine immediately.

Are there any drawbacks keeping the /etc/shadow as password database in Dovecot's config? Especially, does it impact Postfix/Dovecot/Servers's security anyhow? The documentation just says, "PAM is usually preferred" but does not explain further why.

Improve this question

2 Answers 2

Reset to default
0

PAM stands for Pluggable Authentication Modules. It provides a more configurable method of trusted system authentication, by using modules to extend functionality. This allows for users to be authenticated through sources other than /etc/shadow(e.x. Kerberos) and enables programs to authenticate users without being given root or read access to /etc/shadow. If you don't have PAM configured to use a source other than /etc/shadow, it is functionally the same as far as Dovecot is concerned.

Improve this answer
-1

Could not make Dovecot working with PAM password database (passdb), Virtualmin/Usermin users keep getting error "Usermin Failed to login to IMAP server : [AUTHENTICATIONFAILED] Authentication failed."

Changing passdb driver to /etc/shadow however fixed the problem immediately.

Probably issue with Virtualmin/Dovecot is in permissions to mailbox/inbox.imap or other config files.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.