Hi, I'm trying to set up certificate based authentication using Courier IMAP and TLS. It's not working.
I've tried running both the imapd.rc and the imapd-ssl.rc initialization scripts, with the most luck (recently) occuring with the former. I did login successfully once but then I made some little changes (argh) to the configuration and I haven't been able to get it working since. I've gotten all kinds of errors when setting this up; the following is the latest from the logs: imapd: couriertls: accept: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned imapd: couriertls: accept: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode F Looks like it's not getting passed a cert from the client (Opera 7), but Opera seems to be going through the motions alright. Opera's client cert pop's up and I have to produce the password. Here are the config settings: $ egrep ^[^#] authdaemonrc authmodulelist="authpwd" authmodulelistorig="authcustom authuserdb authmysql authpam" daemons=5 version="" authdaemonvar=/usr/local/var/authdaemon $ egrep ^[^#] imapd ADDRESS=192.168.0.0 PORT=1116 MAXDAEMONS=5 MAXPERIP=4 PIDFILE=/var/run/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" AUTHMODULES="authdaemon" AUTHMODULES_ORIG="authdaemon" IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT" IMAP_CAPABILITY_ORIG="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE" IMAP_IDLE_TIMEOUT=60 IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" IMAP_DISABLETHREADSORT=0 IMAP_CHECK_ALL_FOLDERS=0 IMAP_OBSOLETE_CLIENT=0 IMAP_ULIMITD=65536 IMAP_USELOCKS=0 IMAP_EMPTYTRASH=Trash:7 IMAP_MOVE_EXPUNGE_TO_TRASH=1 IMAPDSTART=YES IMAPDEBUGFILE=/var/log/imap-debug $ egrep ^[^#] imapd-ssl prefix=/usr/local exec_prefix=/usr/local SSLPORT=1116 SSLADDRESS=192.168.0.0 SSLPIDFILE=/var/run/imapd-ssl.pid IMAPDSSLSTART=NO IMAPDSTARTTLS=YES IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/local/bin/couriertls TLS_PROTOCOL=TLS1 TLS_STARTTLS_PROTOCOL=TLS1 TLS_CERTFILE=/usr/local/etc/courier-imap/SERVERcert.pem TLS_TRUSTCERTS=/usr/local/openssl/certs/postfix/certs/ TLS_VERIFYPEER=PEER FTR, I'm running all this on FreeBSD, in conjunction with Postfix and MySQL (previously I was authenticating out of the MySQL database). IMAP is version 1.6.1. Any suggestions (howtos!) would be appreciated. ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
