Some more data points: - Further simplification of the dovecot config (ssl = no) does not make a difference.
- The problem is not reproducible on a different machine, using the exact same content of /etc/dovecot.conf and /etc/pam.d/dovecot. - On the machine where the problem persists, this pam config does not work: --- /etc/pam.d/dovecot (non-working) --- #%PAM-1.0 auth required pam_unix.so account required pam_unix.so session required pam_unix.so password required pam_unix.so --- EOF --- whereas the problem goes away with this one: --- /etc/pam.d/dovecot (working) --- #%PAM-1.0 auth required pam_unix.so account required pam_unix.so session required pam_unix.so password optional pam_warn.so password required pam_unix.so --- EOF --- It does not matter to which type (auth/account/etc.) the pam_warn.so line is added, using any of the four works. So this might be a PAM problem, not necessarily a dovecot problem. Open questions: - What difference between my test machines could potentially cause the difference in behavior? - Why does the inclusion of pam_warn.so make a difference? Appending "audit" to the pam_unix.so lines reveals that the username passed to PAM is correct. However, PAM still logs "user unknown".
