Casey Allen Shobe | 1 Jul 2005 01:23

Re: Dovecot doesn't use vchkpw properly :(

On Thursday 30 June 2005 21:08, Timo Sirainen wrote:
> On 30.6.2005, at 20:49, Casey Allen Shobe wrote:
> > It seems that dovecot does NOT call vchkpw properly when using
> > vpopmail-style authentication, I can only guess that it reads
> > the vpasswd{,.cdb} files directly.
>
> Right. It uses vpopmail's library directly.

Will it continue to work when we change to using PostgreSQL support 
in vpopmail to store the usernames and passwords in a database?

Cheers,
-- 
Casey Allen Shobe | http://casey.shobe.info
cshobe <at> seattleserver.com | cell 425-443-4653
AIM & Yahoo:  SomeLinuxGuy | ICQ:  1494523
SeattleServer.com, Inc. | http://www.seattleserver.com

Orchun Kolcu | 1 Jul 2005 01:24

Authenticate login failed: Unsupported authentication mechanism

Hi,

I just switched (or tried to) from UW-IMAP to dovecot. When I try to
login through the telnet client I get:
1 NO Authentication failed and in the log I get:
imap-login: Authenticate PLAIN failed: Unsupported authentication
mechanism

If I try to login through the IMAP client (Thunderbird), in the log I
get the slightly different:
imap-login: Authenticate login failed: Unsupported authentication
mechanism

Here's the auth setup from the conf:
auth default {
  mechanisms = plain
  passdb = pam imap
  userdb = passwd
  user = root
}

And here's /etc/pam.d/imap for good measure:
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

The server is a fairly standard Redhat 8 setup. Any idea what's going
on? Thanks!

Chris Wakelin | 1 Jul 2005 01:27

Re: 1.0-test75 and roadmap for v1.0

Timo Sirainen wrote:
> 
> I think I'll forget about the master/config rewrite for a while and 
> leave it for Dovecot v2.0. That would mean the next release will be 
> called 1.0-alpha1. After that there should be only bugfixes and some 
> smaller features and optimizations left.

Sounds reasonable. Mind you, it feels scary migrating our 20,000 users 
to an "alpha" product! (This week I managed to switch ~120 University 
Admin staff, who are some of our heaviest users, to use Dovecot 
1.0-stable with mbox, instead of UW-IMAP, without them noticing! So far, 
it seems that Dovecot is reading one third of the disk blocks and using 
half the CPU of UW-IMAP, for them.)

> 
> I looked through my TODO and found the following missing features / 
> optimizations that pretty much have to be done before v1.0. Anything 
> important missing?
> 

<snip>

> 
>  - mail cache file
>      - cache _all_ headers that are marked to be cached when headers are
>        being parsed, not just the ones client is requesting at that time.
>      - compression should drop fields with last_used <
>        (latest_mail_index_date - month)
>      - when parsing mbox or saving message, parse the mail through
>        index-mail

Chris Wakelin | 1 Jul 2005 01:31

Re: Authenticate login failed: Unsupported authentication mechanism

Which version of Dovecot? Do you have "disable_plaintext_auth" set to 
"yes" but not using SSL/TLS?

Best Wishes,
Chris

Orchun Kolcu wrote:
> Hi,
> 
> I just switched (or tried to) from UW-IMAP to dovecot. When I try to
> login through the telnet client I get:
> 1 NO Authentication failed and in the log I get:
> imap-login: Authenticate PLAIN failed: Unsupported authentication
> mechanism
> 
> If I try to login through the IMAP client (Thunderbird), in the log I
> get the slightly different:
> imap-login: Authenticate login failed: Unsupported authentication
> mechanism
> 
> Here's the auth setup from the conf:
> auth default {
>   mechanisms = plain
>   passdb = pam imap
>   userdb = passwd
>   user = root
> }
> 
> And here's /etc/pam.d/imap for good measure:
> auth       required     pam_nologin.so

Timo Sirainen | 1 Jul 2005 01:48

Re: 1.0-test75 and roadmap for v1.0

On 1.7.2005, at 02:27, Chris Wakelin wrote:

> I'm still not convinced the cache file is shrinking properly for me. 
> Do entries get expired after a set time at the moment (in 1.0-stable)?

No. I've been a bit lazy in updating 1.0-stable.. Committed this fix to 
it now.

> Anyway, it would be nice to be able to configure the lifetime (e.g. 
> may be less than a month). I've noticed that if you've got a lot of 
> messages - and I'm being deliberately naughty with my INBOX ;) - doing 
> a full search will lead to a big cache file, even though the user is 
> less likely to read the oldest messages.

Hmm. I don't know .. For repeated header searches the cache will help a 
lot since there's no need to read all the messages again.

Currently Dovecot does two types of caching. One is "cache for a week" 
after which it will be dropped, another is "cache forever". These are 
mostly done to differentiate between clients having local caches and 
clients not having local caches. There are two rules that make a 
cache-for-a-week rule change to cache-forever:
		/* a) nonordered access within this session. if client doesn't
		      request messages in growing order, we assume it doesn't
		      have a permanent local cache.
		   b) accessing message older than one week. assume it's a
		      client with no local cache. if it was just a new client
		      generating the local cache for the first time, we'll
		      drop back to TEMP within few months. */

Timo Sirainen | 1 Jul 2005 01:50

Re: Dovecot doesn't use vchkpw properly :(

On 1.7.2005, at 02:23, Casey Allen Shobe wrote:

> On Thursday 30 June 2005 21:08, Timo Sirainen wrote:
>> On 30.6.2005, at 20:49, Casey Allen Shobe wrote:
>>> It seems that dovecot does NOT call vchkpw properly when using
>>> vpopmail-style authentication, I can only guess that it reads
>>> the vpasswd{,.cdb} files directly.
>>
>> Right. It uses vpopmail's library directly.
>
> Will it continue to work when we change to using PostgreSQL support
> in vpopmail to store the usernames and passwords in a database?

Yes. vchkpw also uses the same library to access the passwords. It just 
does a bit more than what Dovecot does (the password saving).

Dominic Marks | 1 Jul 2005 01:55

Re: 1.0-test75 and roadmap for v1.0

On Thursday 30 June 2005 23:29, Timo Sirainen wrote:
> http://dovecot.org/test/
>
> Keywords are finally stored in maildir filenames and listed in
> "dovecot-keywords" file. It should be possible to just rename
> 0.99.x's .customflags file to dovecot-keywords (but it can't be
> renamed back after modification).
>
> Also fixed another uid/sequence mixup bug with setting keywords in
> general (in mbox too).
>
> Fixed SHA1 checksum generation with big-endian machines (used only in
> passwords).
>
> I think I'll forget about the master/config rewrite for a while and
> leave it for Dovecot v2.0. That would mean the next release will be
> called 1.0-alpha1. After that there should be only bugfixes and some
> smaller features and optimizations left.

A 1.0 release would be nice :-)

> I looked through my TODO and found the following missing features /
> optimizations that pretty much have to be done before v1.0. Anything
> important missing?
>
>   - keywords:
>      - add some limits to how many there can be
>      - send FLAGS/PERMANENTFLAGS untagged replies when they change
>        (required by IMAP RFC)
>      - remove unused keywords from keyword list? (only when adding

Andrew Hutchings | 1 Jul 2005 01:58

Re: root login is refused, but....

Timo Sirainen wrote:
> On 30.6.2005, at 10:02, Andrew Hutchings wrote:
> 
>>> -ERR [IN-USE] Internal login failure. Refer to server log for more 
>>> information.
>>> Connection closed by foreign host.
>>> robyt:~#
>>> Why dovecot don't close the connection at user root?
>>> With this system i may know the root password..
>>
>>
>> Dovecot is hard coded to refuse the root use at the auth stage (when 
>> passing the user/pass entered).
>> You are right though, the root user should be rejected for the same 
>> reason no matter what the password.  The current method could be used 
>> to discover the root password.
> 
> 
> The fix isn't simple though. Authentication works like:
> 
> 1. login: send user/pass to auth
> 2. auth: validate the password against passdb and reply to login. if 
> auth fails, delay the answer for ~2secs
> 3. login: send file descriptor to master and request a new imap/pop3 
> process
> 4. master: request user information from auth
> 5. auth: check that master's request is valid and return user 
> information if so
> 6. master: check that user info is valid (eg. UID isn't 0). if it's 
> invalid or something failed, login is sent a failure reply and:
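The staged flow Timo lists above, as an added example that is not part of the thread and not Dovecot's code: a toy Python model in which the UID 0 check at step 6 is only reached after a correct password, so root's replies differ by password, next to a hypothetical variant (an assumption, not the project's fix) that refuses UID 0 inside the auth stage. Account names, passwords and all reply strings except the [IN-USE] one are constructed.

```python
import hashlib
import hmac

# Constructed accounts for the model: name -> (uid, SHA-256 hex of password).
PASSDB = {
    "root": (0, hashlib.sha256(b"constructed-root-pw").hexdigest()),
    "alice": (1000, hashlib.sha256(b"constructed-alice-pw").hexdigest()),
}

# Reply strings: the second is from the page (shortened), the others are constructed.
AUTH_FAILED = "-ERR Authentication failed."
INTERNAL_FAILURE = "-ERR [IN-USE] Internal login failure."
LOGGED_IN = "+OK Logged in."


def password_ok(user, password):
    """Steps 1-2: auth validates the password against passdb."""
    uid, stored = PASSDB.get(user, (None, "0" * 64))
    supplied = hashlib.sha256(password.encode()).hexdigest()
    # Compare even for unknown users so both paths do the same work.
    return hmac.compare_digest(stored, supplied) and uid is not None


def login_staged(user, password):
    """Flow as listed in the thread: UID 0 is only caught at step 6."""
    if not password_ok(user, password):
        return AUTH_FAILED            # step 2: wrong password
    uid, _ = PASSDB[user]             # steps 3-5: master asks auth for user info
    if uid == 0:
        return INTERNAL_FAILURE       # step 6: reached only with the right password
    return LOGGED_IN


def login_uniform(user, password):
    """Hypothetical variant: the auth stage itself refuses UID 0."""
    ok = password_ok(user, password)  # evaluated before the UID is looked at
    uid, _ = PASSDB.get(user, (None, None))
    if not ok or uid == 0:
        return AUTH_FAILED            # same reply whatever the password was
    return LOGGED_IN


def distinguishable(login, user, right, wrong):
    """True if a correct and an incorrect password give different replies."""
    return login(user, right) != login(user, wrong)
```

`distinguishable(login_staged, "root", ...)` is true and the same call with `login_uniform` is false, which is the property Andrew asks for: root is rejected for the same reason no matter what the password.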

Srinivas | 1 Jul 2005 07:12

error while connecting from squirrelmail


Hi all,
  I am new to dovecot and squirrelmail and I am trying to configure squirrelmail with dovecot as its imap
server. When I disable "Secure Imap (TLS)" option (2-A-7) from squirrelmail configure menu, it's
working fine. But when I try to enable tls support, squirrelmail is giving the following error:

Warning: fsockopen(): unable to connect to 192.xx.xx.xx:993 in
/usr/share/squirrelmail/functions/imap_general.php on line 445

ERROR
Error connecting to IMAP server: tls://192.xx.xx.xx.
111 : Connection refused
Go to the login page

The port numbers of the imap server are as follows:

imap_listen 143
pop3_listen 110

imaps_listen 993
pop3s_listen 995

Squirrelmail and the dovecot imap server are running on different machines, so it is essential to enable
tls support. All the machines are running Debian Sarge.

Can anyone suggest a solution for the above problem ?
Thank you.
                  Srinivas


Neil Quiogue | 1 Jul 2005 07:37

Re: error while connecting from squirrelmail

Only two things I can think of:
1. Dovecot was not configured for imap with ssl (check that
ssl_disable is not set to yes).  Also check the protocols statement
that it supports imaps.

2. Check that you do not have access lists blocking off 993 to your
squirrelmail.  This is often encountered if using tcp wrappers and
you're running dovecot through (x)inetd.

Regards, Neil

2005/7/1, Srinivas <srinivaspatnaik <at> myway.com>:
> 
> Hi all,
>   I am new to dovecot and squirrelmail and I am trying to configure squirrelmail with dovecot as its imap
> server. When I disable "Secure Imap (TLS)" option (2-A-7) from squirrelmail configure menu, it's
> working fine. But when I try to enable tls support, squirrelmail is giving the following error:
> 
> Warning: fsockopen(): unable to connect to 192.xx.xx.xx:993 in
> /usr/share/squirrelmail/functions/imap_general.php on line 445
> 
> ERROR
> Error connecting to IMAP server: tls://192.xx.xx.xx.
> 111 : Connection refused
> Go to the login page
> 
> The port numbers of the imap server are as follows:
> 
> imap_listen 143
> pop3_listen 110
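Chris Wakelin's question about disable_plaintext_auth and Neil's first check both come down to reading a few dovecot.conf settings together. The following is an added example, not code from the thread or from Dovecot: a small Python check over a constructed configuration fragment. It assumes flat `key = value` lines with `#` comments and `{ }` blocks, and it looks only at the three settings named in the replies.

```python
# Constructed dovecot.conf fragment (sample input, not a real configuration).
SAMPLE_CONF = """\
protocols = imap pop3        # imaps / pop3s not listed
ssl_disable = yes
disable_plaintext_auth = yes
auth default {
  mechanisms = plain
  user = root
}
"""


def parse_top_level(text):
    """Collect key = value settings outside any { } block."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings


def check(text):
    """Return (code, message) pairs for the conditions raised in the replies."""
    s = parse_top_level(text)
    ssl_off = s.get("ssl_disable", "").lower() == "yes"
    found = []
    if ssl_off:
        found.append(("ssl-disabled", "ssl_disable = yes: SSL/TLS is switched off"))
    if "protocols" in s and "imaps" not in s["protocols"].split():
        found.append(("no-imaps", "protocols does not list imaps"))
    if ssl_off and s.get("disable_plaintext_auth", "").lower() == "yes":
        found.append(("plain-needs-tls",
                      "disable_plaintext_auth = yes while SSL/TLS is off"))
    return found


if __name__ == "__main__":
    for code, message in check(SAMPLE_CONF):
        print(f"{code}: {message}")
```

A setting that is absent from the file is not reported, since its effective value is then the built-in default of the installed version.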

