Scalix Forums

Hi,
I´ve implemented radius and one time password auth with aladdin token on our linux boxes.
Now i want to use it for webmail, I configured ual.remote in the way documented in "Scalix Pluggable Authentication Modules"

# ual.remote
auth sufficient pam_if -- pam_radius_auth conf=/etc/raddb/server client_id=scalix

don´t know why but it is not working
I could not see any requests in the log of my radius server and I don´´t see anything local in /var/log/messages or omshowlog.

Then I tried florians tip http://www.scalix.com/community/viewtop ... ght=radius

auth required om_om2authid
auth sufficient /lib/security/pam_radius_auth.so conf=/etc/raddb/server client_id=scalix


now I can see the authentication, but it is comming twice from webmail and with "one time password" this will not work because password is not longer valid.

Error from webmail:
methodName=getFolderTree

Are ther additional configurations or actions required or is it a bug?

os is SuSE SLES 9

guido

I know SWA opens up multiple connections to the server, so it can speed up access. If it needs to authenticate for every connection (very likely) this would explain what you are seeing.

Just monitored a client login and I got 2 logins with datestamps 1155899676 and 1155899677 (1s apart) and a third at 1155899683 (5s later). The third connection kept on dropping and re-opening for a while, and all the open connections closed when the browser was closed.

I am not sure if OTP's will work in this scenario at all, unless there's a way to restrict SWA to only use a single connection. I can't see anything relevant in the config file, and I doubt this is user-changable at this point.

Unfortunately I believe that's exactly what you see here. The SWA server needs to cache user credentials so that it is able to open multiple IMAP connections.

We are thinking about changing the authentication mechanism in a future release to address this, but I believe at this point there is no solid workaround for OTP mechanisms.

Cheers,
Florian.