Re: pam pop issue
On Tue, Jun 17, 2008 at 02:32:46PM +0530, Ashay Chitnis wrote: On Tue, Jun 17, 2008 at 12:09 AM, Gary Mills [EMAIL PROTECTED] wrote: Gary, thanks for your help. I have had one sleepless night trying to read out the sasl manuals from SUN :). the pam_acct_mgmt() call must be removed from saslauthd/auth_pam.c and added to lib/server.c instead. can you elaborate more on how you have acheived it? By modifying the SASL source and recompiling it. I can post my patches if anyone else is interested. first the item passed by sasl is the service name (pop) and not the remote network ip and this is compared with the actual IP address. pam_get_item should be getting the IP address and passing it to pam NOT the service name.. As others have mentioned, the information stored in the PAM handle depends on the application. Many different types are possible, but the application has to store the data to make it available to the PAM module. PAM_RHOST, the remote host name, would be the one that interests you. That information is not always present. For cyrus and sasl, it appears not to be present. I haven't confirmed this. I have checked its works beautifully in sshd. Now i need to find a way to work it in sasl for pop imap service. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: pam pop issue
On Tue, Jun 17, 2008 at 6:14 PM, Gary Mills [EMAIL PROTECTED] wrote: On Tue, Jun 17, 2008 at 02:32:46PM +0530, Ashay Chitnis wrote: On Tue, Jun 17, 2008 at 12:09 AM, Gary Mills [EMAIL PROTECTED] wrote: Gary, thanks for your help. I have had one sleepless night trying to read out the sasl manuals from SUN :). the pam_acct_mgmt() call must be removed from saslauthd/auth_pam.c and added to lib/server.c instead. can you elaborate more on how you have acheived it? By modifying the SASL source and recompiling it. I can post my patches if anyone else is interested. Can you paste you code if poss?? first the item passed by sasl is the service name (pop) and not the remote network ip and this is compared with the actual IP address. pam_get_item should be getting the IP address and passing it to pam NOT the service name.. As others have mentioned, the information stored in the PAM handle depends on the application. Many different types are possible, but the application has to store the data to make it available to the PAM module. PAM_RHOST, the remote host name, would be the one that interests you. That information is not always present. For cyrus and sasl, it appears not to be present. I haven't confirmed this. There is a variable defined for ipremoteport in server.c but result = _sasl_conn_init(*pconn, service, flags, SASL_CONN_SERVER, server_idle, serverFQDN, iplocalport, *ipremoteport,* callbacks, global_callbacks); But this is unused i guess. I have checked its works beautifully in sshd. Now i need to find a way to work it in sasl for pop imap service. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Seen database issue
I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as not read on the new sever. The username.seen on both servers is skiplist. What do I need to do to have the seen preserved in the migration? No issues were mentioned in the upgrade documentation regarding a migration from 2.2 to 2.3 and skiplist. Any help is appreciated. thanks S Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: murder authentication frontend - backend problem
Hello Andrew, i solved my problem added mupdate_admins: murder cyrus to the imapd.conf on the update server and frontends and now the frontend - backend connection is workin fine. Regards Constan cyrus @ Sylconia schreef: Hello Andrew, thank you for your suggestions and time. Does anyone else have tips on this e-mail list. In the meantime installed version 2.3.7 still the same problem Regards Constan Andrew Morgan schreef: On Sat, 14 Jun 2008, Constan @ Sylconia.nl wrote: hello Andrew, does this thread help me http://www.irbs.net/internet/info-cyrus/0401/0578.html because i assume the proxyd and pop3d are the problem here although i am running version 2.2 That shouldn't be a problem in v2.2, but I'm out of ideas at this point. Maybe you should send another message to the mailing list? Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Seen database issue
The architecture of the old server is intel 32bit RHEL3 and the new server is intel 32bit RHEL5. Any suggestions on what may be wrong is appreciated as this is the only issue I have in the transition and I need to move a large number of users to the new server without losing the seen information. I tried converting the skiplist db on the old server to various formats - berkeley flat and then back to skiplist on the new server, but the messages on the new server still all come up as not seen. thanks much S Shelley Waltz said: I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as not read on the new sever. The username.seen on both servers is skiplist. What do I need to do to have the seen preserved in the migration? No issues were mentioned in the upgrade documentation regarding a migration from 2.2 to 2.3 and skiplist. Any help is appreciated. thanks S Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html { Shelley Waltz Center for Advanced Biotechnology and Medicine Rutgers University / UMDNJ 679 Hoes Lane Piscataway, NJ 08854-5638 732 235 3346 }; Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mupdate TLS
On Mon, 16 Jun 2008, Wesley Craig wrote: On 16 Jun 2008, at 19:07, Andrew Morgan wrote: Does the mupdate process in a Cyrus murder actually use TLS? Almost certainly. mupdate_connect devolves to backend_connect, the same routine that cyrus routinely uses throughout for proxy connections. Also, the mupdate server pays attention to the allowplaintext configuration, so if you're not using TLS and aren't permitting plaintest, passwords don't work. Are you using GSSAPI? The 'mupdatetest' binary doesn't seem to support it. The --help doesn't list TLS as an option, and if I use -t '', it just hangs during TLS negotiation. I see that imtest / mupdatetest specifically doesn't mention -t wrt mupdate. But imtest's TLS support is pretty broken, AFAIK. In particular, there's not way at all to set a CA location. In any case, mupdatetest -t does in fact work for me, tho it gives errors about self-signed certificates. With no CA, self-signed certs are kind of a given. It seems like it should work because mupdated lists STARTTLS in the capability string, but none of the hosts in my Cyrus murder try to use TLS as far as I can tell. If you don't want them to, don't configure certificates for your mupdate master. Personally, I'm using GSSAPI everywhere, so I prefer not to have certificates configured where they aren't going to provide me with much (if any) benefit. If you do configure them, they are used. Thanks Wes. It seems that I had the permissions wrong on my private key so mupdate was unable to use TLS. Now I think I need to restart mupdate to get it working properly... Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Seen database issue
On Tue, Jun 17, 2008 at 6:00 PM, Shelley Waltz [EMAIL PROTECTED] wrote: The architecture of the old server is intel 32bit RHEL3 and the new server is intel 32bit RHEL5. Any suggestions on what may be wrong is appreciated as this is the only issue I have in the transition and I need to move a large number of users to the new server without losing the seen information. I tried converting the skiplist db on the old server to various formats - berkeley flat and then back to skiplist on the new server, but the messages on the new server still all come up as not seen. thanks much S Shelley Waltz said: I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as not read on the new sever. The username.seen on both servers is skiplist. What do I need to do to have the seen preserved in the migration? No issues were mentioned in the upgrade documentation regarding a migration from 2.2 to 2.3 and skiplist. Any help is appreciated. thanks S Do you have any error message ? Are you sure you have restored your seen file in the good place ? If you you create a completely new user, is the seen working then ? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html { Shelley Waltz Center for Advanced Biotechnology and Medicine Rutgers University / UMDNJ 679 Hoes Lane Piscataway, NJ 08854-5638 732 235 3346 }; Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Alain Spineux aspineux gmail com May the sources be with you Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Seen database issue
Alain Spineux said: On Tue, Jun 17, 2008 at 6:00 PM, Shelley Waltz [EMAIL PROTECTED] wrote: The architecture of the old server is intel 32bit RHEL3 and the new server is intel 32bit RHEL5. Any suggestions on what may be wrong is appreciated as this is the only issue I have in the transition and I need to move a large number of users to the new server without losing the seen information. I tried converting the skiplist db on the old server to various formats - berkeley flat and then back to skiplist on the new server, but the messages on the new server still all come up as not seen. thanks much S Shelley Waltz said: I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as not read on the new sever. The username.seen on both servers is skiplist. What do I need to do to have the seen preserved in the migration? No issues were mentioned in the upgrade documentation regarding a migration from 2.2 to 2.3 and skiplist. Any help is appreciated. thanks S Do you have any error message ? Are you sure you have restored your seen file in the good place ? If you you create a completely new user, is the seen working then ? There are no error messages, just the usual messages at start-up regarding rebuilding the seen database - this is normal, yes? A new user seen database does work and I have restored the username.seen files to /var/lib/imap/user/{a-z}/ . If I change read a message, the seen database does change and does work. It is only that upon migrating the database from one host to the other that all the messages appear as not seen. ??? what may cause the information to get lost? Is it the rebuild which happens when cyrus-imapd starts? Why does it rebuild? thanks S Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Seen database issue
Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as not read on the new sever. The seen state is keyed on the mailbox uniqueid, so if that changes, the seen state becomes invalid. The mailbox uniqueid is based on the mailbox name + the uidvalidity value, which is itself based on the time the mailbox is created, or recreated due to a reconstruct. Now I thought reconstruct should preserve the mailbox uniqueid in most cases, but it's possible it's not if you're not copying all the data correctly. 1. Why are you reconstructing the mailboxes. If you copy all the right data, it should be fine without a reconstruct 2. How are you copying the data? Recommend using rsync -az which will preserve all the attributes + timestamps 3. Are you using split data/meta data? If so, are you copying the metadata as well? 4. What flags are you passing to reconstruct? Rob Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Linux kernel bug AMD64 - affects skiplists
I promised I'd have something to say about skiplists soon! (hi Rudy - hope you had a good time off, leaving me here to figure this out _all_by_myself_ ;) ) There's a bug in the linux kernel for amd64 builds only that breaks some skiplist files. Specifically, checkpointing a seen file with a long (greater than page size) list of seen data will cause corruption where it crosses the page break. The last 16-24 bytes will of the page will be NULLed out. You can read more about it in all its gory detail here: http://lkml.org/lkml/2008/6/17/9 Thanks Linus for the prompt (at least partial) fix. If you are running one of those kernels now, I recommend you either change the kernel version, or apply the patch Linus posted. I was going to suggest a little magic patch, but I've been unable to actually make it work in testing, so I won't do it! Bron. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html