From: | Devrim GÜNDÜZ <devrim(at)tr(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | pam_pgsql, Postfix, imap and PostgreSQL |
Date: | 2002-11-01 09:35:19 |
Message-ID: | 1036143319.1174.39.camel@madness.tr.net |
Lists: | pgsql-general |
Hi,
I'm not really sure whether this is the right list or not, but I feel that
there may be some people who have some experience with my problem below:
Case : A mail server, which will serve 30K people. I want to use
PostgreSQL at the backend, for authentication mechanism. Postfix is used
as the MTA. Wu-imapd is the imap/pop3 server. All these are on Red Hat
8.0.
Since authentication must be done using PostgreSQL, I compiled
pam_pgsql.so and moved it to /lib/security. Then, created a file
/etc/pam_pgsql.conf, as suggested, and wrote the following lines
---
database = mailing
user = postfix
password = password
table = accounts
user_column = username
pwd_column = passwd
expired_column = acc_expired
newtok_column = acc_newpwdreq
pwtype = clear
debug
----
Then, modified /etc/pam.d/pop and /etc/pam.d/imap as follows:
----
#%PAM-1.0
#auth required /lib/security/pam_stack.so service=system-auth
#account required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_pgsql.so
account required /lib/security/pam_pgsql
----
Created a database called mailing, here is the schema of two tables:
mailing=# \d accounts
Table "accounts"
Column | Type | Modifiers
---------------+------------------------+-------------
username | character varying(255) | not null
passwd | character varying(255) | not null
acc_expired | boolean | default '0'
acc_newpwdreq | boolean | default '0'
mailing=# \d vmailbox
Table "vmailbox"
Column | Type | Modifiers
---------+------------------------+-------------
address | character varying(255) | not null
mbox | character varying(255) |
active | boolean | default 'T'
Unique keys: vmailbox_address_key
And sample data from the accounts table:
username | passwd | acc_expired |acc_newpwdreq
-----------------------------+----------+-------------+---------------
devrim(at)my(dot)hostname | test | f | f
Everything seems to be ok. But not.
Problem:
-------
This is the first problem.
The following program tests the connection through pam_pgsql.
./test devrim(at)my(dot)hostname
PID:16472
PAM started.
Password:
Authentication succeeded, checking access.
Access permitted.
Changing authentication token...
Failed: Authentication token manipulation error
It permits access, but fails while checking the auth token. I think
it probably fails in the acc_newpwdreq column, but I'm not sure.
And the second and main problem: pop3 does not authenticate ...
Here it comes:
#telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK POP3 localhost.localdomain v2001.78rh server ready
USER devrim(at)my(dot)hostname
+OK User name accepted, password please
PASS test
-ERR Bad login
As I trace the logs, I see that pop3d does not send a request to
PostgreSQL...
The same is valid for imap.
However, if I insert a user into the table without the @ sign, I mean, devrim
for example, pop3d sends an authentication request to pam_pgsql and I
succeed. However, I think I need to define users with the @ sign, since
there will be more than 1 domain on the system...
Does anyone know how to solve this problem? I do not want to use Courier
imap/Postfix/MySQL :(
BTW, I'm subscribed to the list but have not been receiving e-mails
for about a day. So, please CC my address in your post.
Best regards,
--
Devrim GUNDUZ
TR.NET System Support Specialist
devrim(at)tr(dot)net
Tel : +90 (312) 295 93 18
Fax : +90 (312) 295 94 94
Tel : +90 (216) 542 90 00
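
A small lint for the two files quoted in the message above, as an added example that is not part of the original post or of pam_pgsql. The function names and finding messages are hypothetical, and the sample inputs are excerpts copied from the post; the check assumes Linux-PAM's rule that a module path starting with `/` is used as the literal filename.

```python
PAM_TYPES = {"auth", "account", "password", "session"}

def lint_pam_service(text):
    """Return (line_no, problem) pairs for an /etc/pam.d/<service> file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields or fields[0] == "@include":
            continue
        if fields[0].lstrip("-") not in PAM_TYPES:
            findings.append((no, "unknown module type: " + fields[0]))
            continue
        i = 1  # control field; may be bracketed, e.g. [success=1 default=ignore]
        if len(fields) > 1 and fields[1].startswith("["):
            while i < len(fields) - 1 and not fields[i].endswith("]"):
                i += 1
        if i + 1 >= len(fields):
            findings.append((no, "missing module path"))
            continue
        module = fields[i + 1]
        # An absolute path is used as the literal filename of the module.
        if module.startswith("/") and not module.endswith(".so"):
            findings.append((no, "absolute module path lacks .so: " + module))
    return findings

def lint_pam_pgsql_conf(text):
    """Return (line_no, problem) pairs for the pam_pgsql.conf keys in the post."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        key, _, value = raw.partition("=")
        key, value = key.strip(), value.strip()
        if key == "pwtype" and value == "clear":
            findings.append((no, "pwtype = clear: passwords kept as cleartext"))
        elif key == "debug":
            findings.append((no, "debug enabled: review what reaches syslog"))
    return findings

# Sample inputs: excerpts copied from the post (not the complete files).
POP_SERVICE = ("#%PAM-1.0\n"
               "#auth required /lib/security/pam_stack.so service=system-auth\n"
               "auth required /lib/security/pam_pgsql.so\n"
               "account required /lib/security/pam_pgsql\n")
PGSQL_CONF = "pwd_column = passwd\npwtype = clear\ndebug\n"

if __name__ == "__main__":
    for name, found in (("pam.d/pop", lint_pam_service(POP_SERVICE)),
                        ("pam_pgsql.conf", lint_pam_pgsql_conf(PGSQL_CONF))):
        for no, problem in found:
            print(f"{name}:{no}: {problem}")
```
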