RE: [opensuse] disable login authentication in imap
I set up imap temporarily to get mail off a server, however when trying to retrieve mail with username and password from Thunderbird I find an error in the server's logs;
May 6 16:11:05 example_server imapd[5016]: Login disabled user=user1 auth=user1 host=[192.168.1.100]
You should see something like this: May 7 01:41:55 nimrodel imapd[651]: imaps SSL service init from 192.168.1.12 May 7 01:42:01 nimrodel imapd[651]: Authenticated user=pruebas host=nimrodel.valinor [192.168.1.12] mech=PLAIN May 7 01:42:07 nimrodel imapd[653]: imaps SSL service init from 192.168.1.12 May 7 01:42:07 nimrodel imapd[653]: Authenticated user=pruebas host=nimrodel.valinor [192.168.1.12] mech=PLAIN
This is only temporary so I am looking for a quick fix, since I don't intend to leave imap on the server. I think imap wants to use pam to authenticate, but I don't mind having clear text passwords go through. Any ideas how to enable the login? Suse 10.2
No way, that does not work. You have to tell thunderbird to use SSL. TLS or plain will not work, nor secure password. I assume you are trying uw_imap. Assuming you use xinetd, you need to configure /etc/xinetd.d/imap like this: pop2, pop3, disable. imap, disable (they will not work). service imaps { disable = no socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/imapd flags = IPv4 } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` Thanks Carlos. Disabled imap and enabled imaps in /etc/xinetd.d/imap. Thunderbird client told use SSL, but now Thunderbird gets an error; "Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections." This was reduced from 5 to 1, to no avail. /var/log/messages shows no connections made. Where is a quick and dirty howto to set up uw-imap setup with ssl? Many thanks, ~James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2008-05-06 at 17:46 -0700, James D. Parra wrote:
Thanks Carlos. Disabled imap and enabled imaps in /etc/xinetd.d/imap. Thunderbird client told use SSL, but now Thunderbird gets an error;
"Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections."
Instead of that, look at the /var/log/mail* log files.
Where is a quick and dirty howto to set up uw-imap setup with ssl?
uw-imap has no configuration, or none is needed. However, you do need an ssl certificate, as Sam said. I forgot that "detail". The documentation is in "/usr/share/doc/packages/imap/". There is a "README.SuSE" that explains the certs thing. Well, "explain" is rather an overstatement... There is also a Yast module to create the certificates. I'm to sleepy to review the procedure right now, but I hope that will set you inthe right track. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIIQfytTMYHG2NR9URAhM/AJ0VcnnVw80cOsvrX3VbWFh4lSWbtQCeORb9 Z6zDry3M9nNWj4PTFjnTbcE= =OADd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
The Tuesday 2008-05-06 at 17:46 -0700, James D. Parra wrote:
Thanks Carlos. Disabled imap and enabled imaps in /etc/xinetd.d/imap. Thunderbird client told use SSL, but now Thunderbird gets an error;
"Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections."
Instead of that, look at the /var/log/mail* log files.
Where is a quick and dirty howto to set up uw-imap setup with ssl?
uw-imap has no configuration, or none is needed. However, you do need an ssl certificate, as Sam said. I forgot that "detail".
The documentation is in "/usr/share/doc/packages/imap/". There is a "README.SuSE" that explains the certs thing. Well, "explain" is rather an overstatement...
There is also a Yast module to create the certificates.
I'm to sleepy to review the procedure right now, but I hope that will set you inthe right track.
-- Cheers, Carlos E. R.
I THINK you can get us-imap to work without an SSL cert, but you will have to build the thing from scratch yourself. The version in opensuse is built for ssl only. Undertand you want a quick solution, and hope this does not complicate your efforts, but you might try uninstalling us-imap and trying another imap. I understand Dovecot works on both Maidir and Mbox mailboxes, and the last time I tested it, it did not require ssl, you could set it for one of the other, or both. This may be a quicker solution. However making an ssl cert for us-imap really isnt too difficult. JIm F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ reposting - previous attemp was not accepted by the list server ] The Wednesday 2008-05-07 at 06:37 -0500, Jim Flanagan wrote:
I THINK you can get us-imap to work without an SSL cert, but you will have to build the thing from scratch yourself. The version in opensuse is built for ssl only.
True. SuSE disabled plain text login in mail many versions ago, not only for wu-imap. I think it was around version 8.x
Undertand you want a quick solution, and hope this does not complicate your efforts, but you might try uninstalling us-imap and trying another imap. I understand Dovecot works on both Maidir and Mbox mailboxes, and the last time I tested it, it did not require ssl, you could set it for one of the other, or both. This may be a quicker solution. However making an ssl cert for us-imap really isnt too difficult.
wu-imap has the advantage that it works out of the box with system users and no configuration. But it is true that the certificate thing is a hassle. Procedure: 1) create a CA certificate in yast (security, CA management module) I'm not sure it is required. If you do, you can also export it (advanced, export to file, only the certificate in PEM format), and then you can import it in Thunderbird as a CA authority (preferences: advanced, certificates tab, view button, authorities tab, import button). This will allow Thunderbird to accept the later certificate as belonging to a proper chain of certificates. 2) The next step is create the imapd.pem certificate: nimrodel:/etc/ssl # openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem Generating a 1024 bit RSA private key .++++++ .....................................................................................................................................++++++ writing new private key to 'imapd.pem' - ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - ----- Country Name (2 letter code) [ES]: State or Province Name (full name) [provincia]: Locality Name (eg, city) []:ciudad Organization Name (eg, company) [Valinor Certificates Very Limited Organization]:local Organizational Unit Name (eg, section) [Yo]: Common Name (eg, YOUR name - o DNS del servidor) []:nimrodel.valinor Email Address []:root@nimrodel.valinor The only important field is the "Common Name", that should be the DNS name of the server (the comment above is mine). If it doesn't match what the imapd server reports, Thunderbird will complain. 3) I think there is one more step so that the imapd.pem is signed by the CA. Dunno the procedure. Without 3, Thunderbird will warn that the identity is not trusted. But you can tell it to accept the certificate anyway. - -- Cheers -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIIbpBtTMYHG2NR9URAgRlAJkBiPZAoYKCUv/BD4febHiOuxOa0ACfQGy0 laOjcJXsggVFO8uVe4xvUCQ= =1435 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Carlos E. R. -
Carlos E. R. -
James D. Parra -
Jim Flanagan