Re: [vchkpw] non-root courier-imap + vmysql.c problem
At 17:04 28-9-2009, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ro Achterberg wrote: > Hi all, > > I'm using the vpopmail MySQL module to manage my domains and to provide > an authorization backend for courier-imapd's authdaemon (among other > things). However, it seems that since the MySQL module (vmysql.c + > vmysql.h) doesn't bother registering the Maildir domain's uid and gid > (thereby storing them with a default value of 0), courier-imap runs into > problems when trying to authenticate a user, since I have it run as a > non-root user. > > Basically what happens is that courier-imap is unable to setgid() from > 'root', since that's what it's reading from the SQL table, that the > MySQL module had created. Am I missing a configuration parameter > somewhere, or could this be considered a bug? Any insights would be > greatly appreciated. Ro, Courier-MTA has dropped all support for vpopmail, and as such, vpopmail has dropped all support for Courier-MTA, and it's various parts such as Courier-IMAP. This isn't really considered a bug because this worked in the past, but they simply chose to take a stance of non-support. I saw that you sent me a patch that allows authentication to work, but the uid/gid fields in vpopmail are not used as named. The fields are called that so that implementors realize it's authentication scheme is based on the Unix-based passwd system calls. The fields are actually used to store user flags. Most people using qmail/vpopmail installations have moved to Dovecot for IMAP, and some other services as well. Most would tell you that Dovecot is a superior IMAP server too. Moving to Dovecot from Courier-IMAP is *easy as can be*. - -- Hi Matt, I thought you'd like to know that eventhough it took some courage to dive into the rather fragmented and poorly written documentation provided by Dovecot which led to some initial frustration, I decided to drop courier in favor of it. I'm now using Dovecot + the SQL auth driver which queries the vpopmail table for authentication and user info. It better suits my needs for proper security, performance and easy of use. Thanks for recommending it to me. Bye, Ro !DSPAM:4ac4868a32711125817689!
Re: [vchkpw] non-root courier-imap + vmysql.c problem
At 17:04 28-9-2009, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ro Achterberg wrote: > Hi all, > > I'm using the vpopmail MySQL module to manage my domains and to provide > an authorization backend for courier-imapd's authdaemon (among other > things). However, it seems that since the MySQL module (vmysql.c + > vmysql.h) doesn't bother registering the Maildir domain's uid and gid > (thereby storing them with a default value of 0), courier-imap runs into > problems when trying to authenticate a user, since I have it run as a > non-root user. > > Basically what happens is that courier-imap is unable to setgid() from > 'root', since that's what it's reading from the SQL table, that the > MySQL module had created. Am I missing a configuration parameter > somewhere, or could this be considered a bug? Any insights would be > greatly appreciated. Ro, Courier-MTA has dropped all support for vpopmail, and as such, vpopmail has dropped all support for Courier-MTA, and it's various parts such as Courier-IMAP. This isn't really considered a bug because this worked in the past, but they simply chose to take a stance of non-support. I saw that you sent me a patch that allows authentication to work, but the uid/gid fields in vpopmail are not used as named. The fields are called that so that implementors realize it's authentication scheme is based on the Unix-based passwd system calls. The fields are actually used to store user flags. Most people using qmail/vpopmail installations have moved to Dovecot for IMAP, and some other services as well. Most would tell you that Dovecot is a superior IMAP server too. Moving to Dovecot from Courier-IMAP is *easy as can be*. - -- Hi Matt, Thanks for the clarification. I can see how you would drop support for courier-mta if it is no longer mutual. I'm also aware of the purpose of the uid/gid fields as vpopmail uses them, but the patch still works for me, seeing as I have the authmysql module construct its SQL query in such a way that it properly uses the uid and gid fields as they are stored in the table. The patch as I sent it to you works for me, but it's hardly a long term solution. I'll be weighing your point of view (vpopmail + Dovecot) against a possible setup where I'd still use courier-imap, combined perhaps with another domain/user management tool. Although I've always been a very happy vpopmail user, I've also put a lot of effort into getting my rather complex chrooted non-root mail setup into gear in which courier-imap has played an important role. Bye, Ro !DSPAM:4ac0dd6032714145926256!
Re: [vchkpw] non-root courier-imap + vmysql.c problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ro Achterberg wrote: > Hi all, > > I'm using the vpopmail MySQL module to manage my domains and to provide > an authorization backend for courier-imapd's authdaemon (among other > things). However, it seems that since the MySQL module (vmysql.c + > vmysql.h) doesn't bother registering the Maildir domain's uid and gid > (thereby storing them with a default value of 0), courier-imap runs into > problems when trying to authenticate a user, since I have it run as a > non-root user. > > Basically what happens is that courier-imap is unable to setgid() from > 'root', since that's what it's reading from the SQL table, that the > MySQL module had created. Am I missing a configuration parameter > somewhere, or could this be considered a bug? Any insights would be > greatly appreciated. Ro, Courier-MTA has dropped all support for vpopmail, and as such, vpopmail has dropped all support for Courier-MTA, and it's various parts such as Courier-IMAP. This isn't really considered a bug because this worked in the past, but they simply chose to take a stance of non-support. I saw that you sent me a patch that allows authentication to work, but the uid/gid fields in vpopmail are not used as named. The fields are called that so that implementors realize it's authentication scheme is based on the Unix-based passwd system calls. The fields are actually used to store user flags. Most people using qmail/vpopmail installations have moved to Dovecot for IMAP, and some other services as well. Most would tell you that Dovecot is a superior IMAP server too. Moving to Dovecot from Courier-IMAP is *easy as can be*. - -- /* Matt BrookingsGnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkrA0HMACgkQIwet2/rgZyxgSACeN7zzGE1ux0k0TsLx/Iv6gfB5 5/oAnR5U4g6YB81G+6BlrEXZEj26aHyq =QPY6 -END PGP SIGNATURE-