Fwd: Returned mail: User unknown or disabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, Jul 16, 2009 at 12:34, Mail Delivery
System<Mailer-Daemon@xxxxxxxxxxxxxxx> wrote:
>   ----- Transcript of session follows -----
> ... while talking to mail.acampo.net:
>>>> RCPT To:<pam-list@xxxxxxxxxx>
> 550 <pam-list@xxxxxxxxxx>... User unknown or disabled
> Envelope-to: snuggles@xxxxxxxxxx

Would a list admin please unsubscribe 'snuggles' so we'd stop getting
these bounces?
--- Begin Message ---
Return-path: <pam-list-bounces@xxxxxxxxxx>
Envelope-to: snuggles@xxxxxxxxxx
Delivery-date: Thu, 16 Jul 2009 20:34:37 +0200
Received: from [] (helo=hormel.redhat.com)
	by mail.acampo.net with esmtp (Exim 4.63)
	(envelope-from <pam-list-bounces@xxxxxxxxxx>)
	id 1MRVmi-0002Yb-3M
	for snuggles@xxxxxxxxxx; Thu, 16 Jul 2009 20:34:37 +0200
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [])
	by hormel.redhat.com (Postfix) with ESMTP id 278B661AAC5;
	Thu, 16 Jul 2009 14:34:23 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
	n6GIYLan012457 for <pam-list@xxxxxxxxxxxxxxxxxxxxxxxxxxx>;
	Thu, 16 Jul 2009 14:34:21 -0400
Received: from mx3.redhat.com (mx3.redhat.com [])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6GIYKdW024820
	for <pam-list@xxxxxxxxxx>; Thu, 16 Jul 2009 14:34:21 -0400
Received: from ey-out-2122.google.com (ey-out-2122.google.com [])
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id n6GIY7LC026517
	for <pam-list@xxxxxxxxxx>; Thu, 16 Jul 2009 14:34:07 -0400
Received: by ey-out-2122.google.com with SMTP id 9so94239eyd.39
	for <pam-list@xxxxxxxxxx>; Thu, 16 Jul 2009 11:34:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
MIME-Version: 1.0
Received: by with SMTP id y10mr10197639eby.12.1247769246837; Thu, 
	16 Jul 2009 11:34:06 -0700 (PDT)
In-Reply-To: <4A5F6A63.1030006@xxxxxxxxxxxxxxxx>
References: <C683596F.11EDF%greeneg@xxxxxxxxxxxxxx>
Date: Thu, 16 Jul 2009 12:34:06 -0600
Message-ID: <4255c2570907161134p3b6366dsb72baa39792dc9ed@xxxxxxxxxxxxxx>
From: RB <aoz.syn@xxxxxxxxx>
To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8
X-RedHat-Spam-Score: -0.053 
X-Scanned-By: MIMEDefang 2.58 on
X-Scanned-By: MIMEDefang 2.63 on
X-MIME-Autoconverted: from quoted-printable to 8bit by
	listman.util.phx.redhat.com id n6GIYLan012457
X-loop: pam-list@xxxxxxxxxx
Subject: Re: pam/winbind user not found problem
X-BeenThere: pam-list@xxxxxxxxxx
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
List-Id: Pluggable Authentication Modules <pam-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/pam-list>,
List-Archive: <https://www.redhat.com/archives/pam-list>
List-Post: <mailto:pam-list@xxxxxxxxxx>
List-Help: <mailto:pam-list-request@xxxxxxxxxx?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/pam-list>,
Sender: pam-list-bounces@xxxxxxxxxx
Errors-To: pam-list-bounces@xxxxxxxxxx
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -5.7 (-----)
X-Spam-Score-Rev: ----- (-5.7)
X-Spam-Status: hits=-5.7 tests=RCVD_IN_DNSWL_MED,RDNS_NONE
X-Info: valid message
X-Info: original Date

On Thu, Jul 16, 2009 at 11:58, Les Mikesell<les@xxxxxxxxxxxxxxxx> wrote:
> This isn't strictly a PAM issue, but rather with the default RHEL5.x
> configuration (and Centos, and probably fedora). =C2=A0Does anyone know=
 what they
> were thinking?

Ostensibly, they were trying to authenticate system users without
passing said users' credentials on to winbind.  Whether intentional or
not, it seems they assumed users would have a UID that could be
resolved by pam_unix.  That's often the case, but with proper
enterprise-level user management (no local accounts) the assumption

> Should most pam auth modules know anything about uid's?

By all means - auth is probably the most important place for UIDs/GIDs
to be known.

> I thought that was account info. =C2=A0If the idea is to keep the 'syst=
em' accounts
> (below 500 by convention)in the passwd file, is there a better way to d=
o it?

Probably should have used something to this effect instead of 'requisite'=

[success=3Dok new_authtok_reqd=3Dok ignore=3Dignore default=3Ddie user_un=

Which is, of course, according to pam.conf(5) the same as 'requisite'
with the added control of ignoring unknown users.  Allows the stack to
shortcut if it's a system user with bad credentials but still passes
completely unresolved credentials on.

Pam-list mailing list

--- End Message ---
Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux