Re: imapd for MacOS X - Authentication errors
Dear Mark,
Thanks for your answer. I've figured out the authentication problems, and
it has to do with PAM. MacOS 10.3 (Panther) uses PAM for all of its
authentication, quite different from 10.2 (Jaguar).
So in addition to starting the imap service on port 143 (and imaps on 993),
which I also hadn't been doing before), I had to add a file 'imap' to
/etc/pam.d/. Something like:
# imap : auth account password session
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_uwtmp.so
After this authentication worked, no matter if I compiled with SSLTYPE=unix
or SSLTYPE=nopwd.
I still have problems with the SSL certificate being validated, but that's a
different question for a different mailing list.
I found this page very helpful: http://www.theatrain.net/pantherimaps.html.
Thanks again!
--Matt
On 4/7/05 2:33 PM, "Mark Crispin" <[EMAIL PROTECTED]> wrote:
> On Thu, 7 Apr 2005, Matthew Leingang wrote:
>> Now when I try to connect using an IMAP client (even "telnet localhost 143")
>> I can't login. I get the NO LOGIN failed response.
>
> Does this happen when you make an SSL (port 993) connection to your IMAP
> server?
>
> Does Entourage do a STARTTLS command? If it doesn't, then you must use
> port 993 and not port 143.
>
>> I've also tried
>> building with the arguments SSLTYPE=unix (to allow plaintext logging in,
>> kind of a no-no). Same problem.
>
> Did you make sure that when the server started, that LOGINDISABLED does
> *not* appear in the CAPABILITY list (you'll see it in the server greeting
> banner)? If LOGINDISABLED appears, then you are running a SSLTYPE=nopwd
> build server.
>
> Note that you must do a complete rebuild (make clean) if you want to
> change the SSLTYPE option. There are wizardry ways to avoid this, but
> don't distract yourself with that for now.
>
> Please keep me informed of your progress. Unfortunately, greater security
> means that there are more things to go wrong, but we'll get you going and
> happily IMAPing.
>
>> Related question: Once it gets working, I only want to allow connections on
>> the IMAP port from localhost. Can I do that with the
>> /etc/hosts.{deny,allow} files?
>
> Yes.
>
> -- Mark --
>
> http://staff.washington.edu/mrc
> Science does not emerge from voting, party politics, or public debate.
> Si vis pacem, para bellum.
--
Matthew Leingang
Preceptor in Mathematics
Harvard University
URL: http://www.math.harvard.edu/~leingang/
vCard: http://www.math.harvard.edu/~leingang/vCard.vcf
Re: imapd for MacOS X - Authentication errors
On Thu, 7 Apr 2005, Matthew Leingang wrote:
Now when I try to connect using an IMAP client (even "telnet localhost 143")
I can't login. I get the NO LOGIN failed response.
Does this happen when you make an SSL (port 993) connection to your IMAP
server?
Does Entourage do a STARTTLS command? If it doesn't, then you must use
port 993 and not port 143.
I've also tried
building with the arguments SSLTYPE=unix (to allow plaintext logging in,
kind of a no-no). Same problem.
Did you make sure that when the server started, that LOGINDISABLED does
*not* appear in the CAPABILITY list (you'll see it in the server greeting
banner)? If LOGINDISABLED appears, then you are running a SSLTYPE=nopwd
build server.
Note that you must do a complete rebuild (make clean) if you want to
change the SSLTYPE option. There are wizardry ways to avoid this, but
don't distract yourself with that for now.
Please keep me informed of your progress. Unfortunately, greater security
means that there are more things to go wrong, but we'll get you going and
happily IMAPing.
Related question: Once it gets working, I only want to allow connections on
the IMAP port from localhost. Can I do that with the
/etc/hosts.{deny,allow} files?
Yes.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
imapd for MacOS X - Authentication errors
Hello,
I have a PowerBook G4 with Mac OS 10.3.8 and read my mail with Entourage
2004. I would like to read the messages that get deposited in
/var/mail/, without having to use pine or mail as I do currently.
Entourage doesn't allow you to mount file-based mailboxes (you can import
them, but not subscribe to them) so I thought about using a local
mailserver. I seem to have successfully installed imap but I can't
authenticate.
I downloaded and installed the latest imap and pop daemons from UW, using
the commands
$ make oxp SSLTYPE=nopwd SSLDIR=/usr SSLCERTS=/etc/sslcerts
$ sudo openssl req -new -x509 -nodes -out /etc/sslcerts/imapd.pem -keyout
/etc/sslcerts/imapd.pem -days 3650
Then I added this line to /etc/inetd.conf (sorry if it wraps):
imapstream tcp nowait root/usr/libexec/tcpd
/usr/local/libexec/imapd
Finally I restarted xinetd.
Now when I try to connect using an IMAP client (even "telnet localhost 143")
I can't login. I get the NO LOGIN failed response. I've also tried
building with the arguments SSLTYPE=unix (to allow plaintext logging in,
kind of a no-no). Same problem.
Related question: Once it gets working, I only want to allow connections on
the IMAP port from localhost. Can I do that with the
/etc/hosts.{deny,allow} files?
Any clues?
--Matt
--
Matthew Leingang
Preceptor in Mathematics
Harvard University
URL: http://www.math.harvard.edu/~leingang/
vCard: http://www.math.harvard.edu/~leingang/vCard.vcf
--
--
For information about this mailing list, and its archives, see:
http://www.washington.edu/imap/c-client-list.html
--
