Dear Mark, Thanks for your answer. I've figured out the authentication problems, and it has to do with PAM. MacOS 10.3 (Panther) uses PAM for all of its authentication, quite different from 10.2 (Jaguar).
So in addition to starting the imap service on port 143 (and imaps on 993), which I also hadn't been doing before), I had to add a file 'imap' to /etc/pam.d/. Something like: # imap : auth account password session auth required pam_nologin.so auth sufficient pam_securityserver.so auth sufficient pam_unix.so auth required pam_deny.so account required pam_permit.so password required pam_deny.so session required pam_uwtmp.so After this authentication worked, no matter if I compiled with SSLTYPE=unix or SSLTYPE=nopwd. I still have problems with the SSL certificate being validated, but that's a different question for a different mailing list. I found this page very helpful: http://www.theatrain.net/pantherimaps.html. Thanks again! --Matt On 4/7/05 2:33 PM, "Mark Crispin" <[EMAIL PROTECTED]> wrote: > On Thu, 7 Apr 2005, Matthew Leingang wrote: >> Now when I try to connect using an IMAP client (even "telnet localhost 143") >> I can't login. I get the NO LOGIN failed response. > > Does this happen when you make an SSL (port 993) connection to your IMAP > server? > > Does Entourage do a STARTTLS command? If it doesn't, then you must use > port 993 and not port 143. > >> I've also tried >> building with the arguments SSLTYPE=unix (to allow plaintext logging in, >> kind of a no-no). Same problem. > > Did you make sure that when the server started, that LOGINDISABLED does > *not* appear in the CAPABILITY list (you'll see it in the server greeting > banner)? If LOGINDISABLED appears, then you are running a SSLTYPE=nopwd > build server. > > Note that you must do a complete rebuild (make clean) if you want to > change the SSLTYPE option. There are wizardry ways to avoid this, but > don't distract yourself with that for now. > > Please keep me informed of your progress. Unfortunately, greater security > means that there are more things to go wrong, but we'll get you going and > happily IMAPing. > >> Related question: Once it gets working, I only want to allow connections on >> the IMAP port from localhost. Can I do that with the >> /etc/hosts.{deny,allow} files? > > Yes. > > -- Mark -- > > http://staff.washington.edu/mrc > Science does not emerge from voting, party politics, or public debate. > Si vis pacem, para bellum. -- Matthew Leingang Preceptor in Mathematics Harvard University URL: http://www.math.harvard.edu/~leingang/ vCard: http://www.math.harvard.edu/~leingang/vCard.vcf
