on 8/31/01 11:14 AM, Chris Keating at [EMAIL PROTECTED] spake:
>>
>> PLEASE note that I am not a subscriber to this list, if you need to ask me
>> any questions about this, remember to cc me.
>>
>> Quoted from mail-archive.com:
>> on 8/29/01 11:50 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] spake:
>>
>>> Latest CourierIMAP works with the latest development of
>>> vpopmail which has authentication structure changes.
>>
>> Except for IMAP before SMTP (roaming users).
>>
>> My previous posts:
>>
>> http://www.mail-archive.com/vchkpw@inter7.com/msg06208.html
>> http://www.mail-archive.com/vchkpw@inter7.com/msg06246.html
>>
>> No one has responded to these posts, so either I'm the only one using this
>> feature with these versions, or the only one that is having the problem.
>> I'd love to know if someone else has it working successfully with
>> 4.10.35/1.3.10.
>>
>> Cheers,
>>
>> Bill Shupp
>>
>
> Bill, I took a crack at your roaming users problem last night and I came
> up with a solution that I'm happy with.
>
> The basic problem is that the newer version of courierIMAP has seperated
> the authentication process from the couriertcp process by using
> authdaemond. So when vpopmail's open_smtp_relay function get's called it's
> unable to retreive the remote user's IP address from the environment
> variables. To fix this I've written a program that can be dropped in
> between imaplogin and imapd. This program will only be called if the user
> has been authenticated. It will call open_smtp_relay with the proper
> environment variables set, then it will call whatever program is passed
> into it's argv[1] parameter.
>
> Run sh ./build to build open_relay, if the compile fails with complaints
> about crypt add -lcrypt to your ~vpopmail/etc/lib_deps. Install open_relay
> whereever you like, I put mine in /usr/local/bin. Modify imapd.rc, or use
> the one I attached. The important line is this one:
>
> $PORT ${exec_prefix}/sbin/imaplogin $LIBAUTHMODULES \
> ${exec_prefix}/bin/open_relay \ #This will setup open_relay for roaming users
> ${exec_prefix}/bin/imapd Maildir"
>
> Don't forget to put ~vpopmail/bin/clearopensmtp into your cron!
>
> Enjoy,
> Chris
Chris,
Thanks for your efforts. This works for me. However, this workaround has a
few drawbacks that you may already be aware of:
1. If imap access is turned off (via vmoduser -i), then imap access is not
granted, but open_relay still tries to run and just leaves the open_smtp
file owned by root.root, making roaming break until permissions are changed
back.
2. If roaming is disabled for that user (via vmoduser -r), open_relay has no
way of knowing since it's separate from authvchkpw now. So they get to roam
anyway.
3. For people using multiple authentication modules (not me), anyone who is
authenticated will get roaming access.
Since we are now forced to use authdaemon (as far as I can tell, anyway),
seems like the best solution would be for imaplogin to pass the environment
to authdaemond. This would fix everything mentioned above, I think, and
perhaps similar issues for other authentication modules.
Thanks again, Chris!
Regards,
Bill Shupp
