Re: imapd for MacOS X - Authentication errors
Dear Mark, Thanks for your answer. I've figured out the authentication problems, and it has to do with PAM. MacOS 10.3 (Panther) uses PAM for all of its authentication, quite different from 10.2 (Jaguar). So in addition to starting the imap service on port 143 (and imaps on 993), which I also hadn't been doing before), I had to add a file 'imap' to /etc/pam.d/. Something like: # imap : auth account password session auth required pam_nologin.so auth sufficient pam_securityserver.so auth sufficient pam_unix.so auth required pam_deny.so account required pam_permit.so password required pam_deny.so session required pam_uwtmp.so After this authentication worked, no matter if I compiled with SSLTYPE=unix or SSLTYPE=nopwd. I still have problems with the SSL certificate being validated, but that's a different question for a different mailing list. I found this page very helpful: http://www.theatrain.net/pantherimaps.html. Thanks again! --Matt On 4/7/05 2:33 PM, "Mark Crispin" <[EMAIL PROTECTED]> wrote: > On Thu, 7 Apr 2005, Matthew Leingang wrote: >> Now when I try to connect using an IMAP client (even "telnet localhost 143") >> I can't login. I get the NO LOGIN failed response. > > Does this happen when you make an SSL (port 993) connection to your IMAP > server? > > Does Entourage do a STARTTLS command? If it doesn't, then you must use > port 993 and not port 143. > >> I've also tried >> building with the arguments SSLTYPE=unix (to allow plaintext logging in, >> kind of a no-no). Same problem. > > Did you make sure that when the server started, that LOGINDISABLED does > *not* appear in the CAPABILITY list (you'll see it in the server greeting > banner)? If LOGINDISABLED appears, then you are running a SSLTYPE=nopwd > build server. > > Note that you must do a complete rebuild (make clean) if you want to > change the SSLTYPE option. There are wizardry ways to avoid this, but > don't distract yourself with that for now. > > Please keep me informed of your progress. Unfortunately, greater security > means that there are more things to go wrong, but we'll get you going and > happily IMAPing. > >> Related question: Once it gets working, I only want to allow connections on >> the IMAP port from localhost. Can I do that with the >> /etc/hosts.{deny,allow} files? > > Yes. > > -- Mark -- > > http://staff.washington.edu/mrc > Science does not emerge from voting, party politics, or public debate. > Si vis pacem, para bellum. -- Matthew Leingang Preceptor in Mathematics Harvard University URL: http://www.math.harvard.edu/~leingang/ vCard: http://www.math.harvard.edu/~leingang/vCard.vcf
Re: imapd for MacOS X - Authentication errors
On Thu, 7 Apr 2005, Matthew Leingang wrote: Now when I try to connect using an IMAP client (even "telnet localhost 143") I can't login. I get the NO LOGIN failed response. Does this happen when you make an SSL (port 993) connection to your IMAP server? Does Entourage do a STARTTLS command? If it doesn't, then you must use port 993 and not port 143. I've also tried building with the arguments SSLTYPE=unix (to allow plaintext logging in, kind of a no-no). Same problem. Did you make sure that when the server started, that LOGINDISABLED does *not* appear in the CAPABILITY list (you'll see it in the server greeting banner)? If LOGINDISABLED appears, then you are running a SSLTYPE=nopwd build server. Note that you must do a complete rebuild (make clean) if you want to change the SSLTYPE option. There are wizardry ways to avoid this, but don't distract yourself with that for now. Please keep me informed of your progress. Unfortunately, greater security means that there are more things to go wrong, but we'll get you going and happily IMAPing. Related question: Once it gets working, I only want to allow connections on the IMAP port from localhost. Can I do that with the /etc/hosts.{deny,allow} files? Yes. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum.
imapd for MacOS X - Authentication errors
Hello, I have a PowerBook G4 with Mac OS 10.3.8 and read my mail with Entourage 2004. I would like to read the messages that get deposited in /var/mail/, without having to use pine or mail as I do currently. Entourage doesn't allow you to mount file-based mailboxes (you can import them, but not subscribe to them) so I thought about using a local mailserver. I seem to have successfully installed imap but I can't authenticate. I downloaded and installed the latest imap and pop daemons from UW, using the commands $ make oxp SSLTYPE=nopwd SSLDIR=/usr SSLCERTS=/etc/sslcerts $ sudo openssl req -new -x509 -nodes -out /etc/sslcerts/imapd.pem -keyout /etc/sslcerts/imapd.pem -days 3650 Then I added this line to /etc/inetd.conf (sorry if it wraps): imapstream tcp nowait root/usr/libexec/tcpd /usr/local/libexec/imapd Finally I restarted xinetd. Now when I try to connect using an IMAP client (even "telnet localhost 143") I can't login. I get the NO LOGIN failed response. I've also tried building with the arguments SSLTYPE=unix (to allow plaintext logging in, kind of a no-no). Same problem. Related question: Once it gets working, I only want to allow connections on the IMAP port from localhost. Can I do that with the /etc/hosts.{deny,allow} files? Any clues? --Matt -- Matthew Leingang Preceptor in Mathematics Harvard University URL: http://www.math.harvard.edu/~leingang/ vCard: http://www.math.harvard.edu/~leingang/vCard.vcf -- -- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html --