I have been happily running cyrus-imapd 1.6.24 for some time. My mail
server is a black box: the users have no local accounts; imapd.conf
instructs cyrus to authenticate via PAM and /etc/pam.d/imap uses
pam_ldap.so to get user data from an OpenLDAP database. It all works
beautifully. I do not u
I am faced with the same "signaled to death by 11" problem on RH 7.1
that has been reported in this list several times before. I think I
understand the problem, but I need a little coaching to implement a
solution.
Here's the problem: whenever I login correctly,
# telnet localhost imap
> BTW, what is the fastest route?
> imap -> sasl -> pam-ldap -> ldap server
> imap -> sasl -> ldap server
The fastest route to me seems to be:
imap -> pam_ldap -> ldap server
Can we PLEASE produce a version of cyrus-imap imap WITHOUT SASL? PAM may
be a smidgeon less flexible, but it is simp
> What's wrong with having both PAM and SASL in the implementation? And
> isn't this the case? I'm still using Cyrus IMAP 2.0.13 so maybe PAM
> has been removed since, but I would be surprised.
PAM has never been in the distribution. SASL is in the distribution and
PAM is supported by SASL. T
I have spent more time investigating the interaction of pam_ldap and
SASL, and have narrowed down the problem considerably, but still not
quite "got it".
The TLS options seem also to be the wrong direction; I can eliminate
TLS/SSL and the problem persists. By inserting lots of debug code, I
Does ANYONE have the following configuration working?
cyrus-imapd-2.0.x authenticating via LDAP using sasl_pwcheck_method: PAM
and the pam_ldap module
If so, please chime in to say on what system and how you got it to work.
I can't imagine this configuration is obscure: LDAP is the preemininen
I and quite a few other users of the cyrus-imapd system have found a
problem which occurs exclusively when we authenticate using the PAM
module pam_ldap linked against the OpenLDAP 2.0.x libraries. I am
writing to ask whether this bug and any potential solutions are known to
the wider OpenLDA
Phillip Sacha, thanks so much for pointing out that pam_ldap works when
linked against the OpenLDAP 1.x libraries. Norbert Sendetzky also pointed
out that Red Hat's precompiled pam_ldap also works, and ldd reveals
that to be linked against libldap.so.1 and liblber.so.1 -- the OpenLDAP
1.x libr
First off, thanks to you, Lawrence, and the many others who helped
clarify why OpenLDAP 2.0.x + pam_ldap + cyrus-imaps-2.0.x won't play
together out-of-the-box. For those just tuning in to this thread, it's
because the SASL routines are (1) used both by cyrus-imapd and OpenLDAP
and (2) not re
Please educate me, I do not understand.
> Please use pwcheck. Your problems will go away.
The pwcheck distributed with cyrus-sasl is not useful to me. My users
are not in /etc/passwd -- they are ONLY in an LDAP database. Even a
pwcheck daemon that uses LDAP is only useful to me if it does LDAP
Cyrus-imapd (1.6.24) insists on advertising AUTH=CRAM-MD5, even though
this is a lie. This is (I think) one of the (many bad) side-effects of
SASL -- because of SASL cyrus advertises this AUTH, but in fact my
sasldb is utterly empty (all authentication is via PAM) and so any
client that takes
I am running a locally compiled cyrus 2.0.16 on a Red Hat 7.1 system.
Twice now one of my users (only one, but this one happens to be my
boss!) has observed a weird, transient failure mode: in this mode, imapd
hangs on any attempt to write to a folder. Here is an example, caught by
ethereal:
000
For SSL/TLS connections, is there some way to tell cyrus-imap what sorts
of encryption to allow? Apache's mod_ssl, for example, has the
SSLCipherSuite directive, which I use thusly:
SSLCipherSuite HIGH:+MEDIUM:-LOW:-EXP:-ADH:-NULL
The trouble with simply allowing all ciphers supported by OpenS
A while back I wrote to the list asking about how to specify the SSL/TLS cipher
algorithms that cyrus imapd should accept (by analogy with the SSLCipherSuite
directive from Apache's mod_ssl). I didn't receive a reply (which is fine) so now I
want to verify: is it true that there is no way to s
Hi Ted! :-)
> I was wondering which module in Cyrus provides return receipt ?
Return receipt is traditionally provided by the mail client (outlook,
netscape, pine, eudora), not the mail server. Unlike return receipt from
the post office, which is a service the transport agent provides the
se
>>Anything look familiar or obvious? Suggestions?
Familiar, anyway. Looks like the old SASL re-entrancy problem to me. Try
rebuilding your OpenLDAP libs --without-sasl and linking pam_ldap to them.
>>Anything look familiar or obvious? Suggestions?
Looks familiar, anyway. It looks like the inevitable SASL reentrancy
problem. Try rebuilding your LDAP libs --without-sasl and then linking
pam_ldap to the new libs.
Since there is such a SASL love-fest going on here, allow me to chime
in with my dissenting viewpoint. SASL adds nothing but an annoying
dependency to LDAP. No, I take that back, it also adds a security hole.
Challenge-response mechanisms have absolutely no advantage over straight
password t
>>Finally, Birger, what's "really creative" about
>>
>> by self write
>> by anonymous auth
>> by * none
>>
>>?
>
> So how do we get these toys together if one
>
> 1. is going to protect user information based on "by self write" - you
> first have to see what "self" is! - and
>
> 2. h
> Putting the password over the wire is always a bad idea.
If there were no downside to challenge-response, I'd agree. But if the
price is storing my passwords unhashed, I'm not willing to pay it. All
my sites use MD5 or SHA hashing, which OpenLDAP supports.
> Maybe I'm a dork for buying into
> When I attempt to delete a message from the client I receive the message
> that The IMAP copy failed.
It sounds like you have a client that deletes by moving to a Trash folder,
and you don't have a Trash folder. Make sure the client is configured so
that delete means "mark message as deleted."
> I'm trying to make Cyrus IMAP work with Pam for authentication.
> sasl_pwcheck_method: saslauthd
You want:
sasl_pwcheck_method: PAM
Go on from there, and come back when you encounter the SASL re-entrancy bug.
> SASLv2...
Sorry! Rob is of course right wrt SASLv2.
I'm about to try out imapd-2.1.4 (as packaged by Henrique for Debian). I
am currently running imapd-2.0.16 (custom-compiled) on a different
machine. Can someone point me to tips for how to migrate my users and
their mail? Do I just need to copy over the mailbox directory hierarchy
and run recon
> doc/install-upgrade.html
This information assumes you are upgrading on one box. My situation (and
I suspect it is the situation of most production systems) is having 2.1
set up clean (i.e. no mail or metadata) on a second machine, and now I
want to get all the mail from my 2.0 machine to it
> When I use the unixhierarchy/altnamespace options in imapd.conf I can't
> create sub-folders in the main inbox but I can create folders outside the
> main inbox and then create subfolders in those. When I turn
> unixhierarchy/altnamespace off then I can create subfolders in the main
> inbox bu
Using 2.0.16 on Linux 2.2.19.
I am having trouble with imapd daemons hanging around for a long time. I
currently (21 May) have some imapd daemons that have been hanging around
for over two weeks (4 May). It is just possible that a couple users have
been sending keep-alives that long, but I have
> Cyrus does recycle processes. Unix forking is amazingly slow compared
> to not forking and on servers that receive many connections a second
> this performance tweak is vital.
That explains it; thanks for the explanation.
(Still, even 10 forks/second seems entirely do-able. While I don't
di
> Because we think that there is no need to use SASL library in the
> middle of the way to authenticate via PAM+mysql. Isnt it a better
> performance issue? Isn't it a better
It's true, there isn't a need, meaning Cyrus could have been designed to
use PAM directly as a security la
Henrique, who maintains the Debian cyrus-imap packages (and does a very
good job of it) just changed the MBOX and SEEN databases to use skiplist
(from db3 and flat). I had never thought about this issue before.
Can someone explain what advantages and disadvantages one has from the
different dat
I am running cyrus-imapd-1.6.24 along with postfix under Red Hat Linux
7.0 on a li'l old i386. Most of the time it works flawlessly, but
occasionally a delivery dies with a log entry like the following:
Feb 15 15:03:46 heidegger deliver[8181]: checkdelivered:
error opening delivered database