Dear Managers,
A colleague complained to me that he was unable to access his
mail today. He had tried Netscape, Pine, and MH. A quick check of
the system logs confirmed that the problem was an incorrect password
for both POP and IMAP access. He is able to log in via telnet,
however. Changing his password didn't help.
We run NIS with C2 security on Tru64-Unix v4.0Dp3. The pop
daemon is Qualcomm's qpopper v2.53 with the special_auth enabled.
IMAP is version 4.2 from U of Washington. The NIS server is also the
mail server (it does not allow telnet connections). Both daemons are
on a NFS-readonly-distributed /usr/local and are launched from
/etc/inetd.conf; the maildrops are on the NIS/mail server and are not
NFS-distributed. The protection/ownership of the maildrop is 600
owned by the colleague's userid.
A electrical storm passed through while the colleague was
accessing his mail yesterday. All the client stations crashed and
rebooted. The NIS master is on a UPS and it did not crash. The
current user load is light; it is quite possible my colleague was the
only user at the time. I haven't checked all the client station logs
to be sure, however.
I tried the following:
i) The password on a test (non-privileged) account was deliberately
changed and an e-mail message was sent to that account. A telnet
connection to an NIS client was successful with the new password.
Pine (run on the client) successfully retrieved the e-mail message
after logging into the NIS/mail server with the new password. A
telnet connection to the server on port 110 (the POP port) was
successfully authenticated (by issuing the POP USER and PASS commands)
with the new password. No other complaints have been received, so
apparently the problem only affects the single account.
ii) I checked that my colleague's password was current (in fact he had
changed it only 6 minutes before calling me) and that his account
wasn't expired.
iii) I changed the password for my colleague's account multiple times
from the root account. I checked each password change via a ordinary
telnet connection to a client (to test the NIS password) and a telnet
connection to the server on port 110. The NIS password changes were
all successful, but only one change affected POP. The user is still
stuck with that one password change I made as far as POP is concerned.
iv) I rebuilt the NIS prpasswd database in /var/yp/<domain name> from
scratch by moving the maps to backup files and doing a make from
/var/yp. This didn't help.
v) I looked at the Qualcomm qpopper source code. As far as I can
see, it just uses a call to getprpnam to check the password. I'm not
an expert, but I think that's the same mechanism NIS uses, so I'm at a
loss to explain why NIS works and POP fails.
Any suggestions?
Larry
============================================================================
Larry Griffith Dept. of Computer & Info Science
larry_at_cs.wsc.ma.edu Westfield State College
(413) 572-5294 Westfield, MA 01086 USA
PGP public key available at:
http://cs.wsc.ma.edu/dcis/griffith.html
============================================================================
Received on Wed Jun 30 1999 - 20:11:56 NZST