I run qmail/maildir/courier-imap on my system for mail. When I upgraded to Courier 1.7.3-r1 I lost the ability to log into my imap server over imap-ssl. I have tried both authplain and authpgsql and neigther work (both previously had worked)
see also bug #23902 and bug #25027
please try the latest courier-imap-2.0.0 post up your relevant authdaemonrc config as well.
Created attachment 15967 [details] Courier-imap 2.0.0 Postgresql Auth Script This is more or less identicle to the one I use that works perfectly with courier-imap 1.6.2 because I don't use any of the new fields.
Created attachment 15968 [details] Authdaemonrc file for courier-imap 2.0.0
I have upgraded to the 2.0.0 courier imap and the same problem still exsists.
Comment on attachment 15967 [details] Courier-imap 2.0.0 Postgresql Auth Script ##VERSION: $Id: authpgsqlrc,v 1.6 2003/05/01 22:17:20 mrsam Exp $ # # Copyright 2000-2003 Double Precision, Inc. See COPYING for # distribution information. # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # authpgsqlrc created from authpgsqlrc.dist by sysconftool # # DO NOT INSTALL THIS FILE with world read permissions. This file # might contain the PostgreSQL admin password! # # Each line in this file must follow the following format: # # field[spaces|tabs]value # # That is, the name of the field, followed by spaces or tabs, followed by # field value. Trailing spaces are prohibited. ##NAME: LOCATION:0 # # The server hostname, port, userid, and password used to log in. # # To connect to a filesystem socket, delete PGSQL_HOST, and set PGSQL_PORT to # the socket's last component. So, if your pg socket is /tmp/.s.PGSQL.5400 # set PGSQL_PORT to 5400. PGSQL_PORT 5432 PGSQL_USERNAME imap PGSQL_PASSWORD ******** ##NAME: PGSQL_OPT:0 # # PGSQL_OPT specifies the connection debug options to PQsetdbLogin(). # Don't bother with this setting unless you know what you're doing # # PGSQL_OPT ##NAME: PGSQL_DATABASE:0 # # The name of the MySQL database we will open: PGSQL_DATABASE imapdata ##NAME: PGSQL_USER_TABLE:0 # # The name of the table containing your user data. See README.authmysqlrc # for the required fields in this table (both MySQL and Postgress use the # same suggested layout. PGSQL_USER_TABLE passwd ##NAME: PGSQL_CRYPT_PWFIELD:0 # # Either PGSQL_CRYPT_PWFIELD or PGSQL_CLEAR_PWFIELD must be defined. Both # are OK too. crypted passwords go into PGSQL_CRYPT_PWFIELD, cleartext # passwords go into PGSQL_CLEAR_PWFIELD. Cleartext passwords allow # CRAM-MD5 authentication to be implemented. PGSQL_CRYPT_PWFIELD crypt ##NAME: PGSQL_CLEAR_PWFIELD:0 # # # PGSQL_CLEAR_PWFIELD clear ##NAME: PGSQL_DEFAULT_DOMAIN:0 # # If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user', # we will look up 'user@DEFAULT_DOMAIN' instead. # # # DEFAULT_DOMAIN example.com ##NAME: PGSQL_UID_FIELD:0 # # Other fields in the mysql table: # # PGSQL_UID_FIELD - contains the numerical userid of the account # PGSQL_UID_FIELD uid ##NAME: PGSQL_GID_FIELD:0 # # Numerical groupid of the account PGSQL_GID_FIELD gid ##NAME: PGSQL_LOGIN_FIELD:0 # # The login id, default is id. Basically the query is: # # SELECT PGSQL_UID_FIELD, PGSQL_GID_FIELD, ... WHERE id='loginid' # PGSQL_LOGIN_FIELD id ##NAME: PGSQL_HOME_FIELD:0 # PGSQL_HOME_FIELD home ##NAME: PGSQL_NAME_FIELD:0 # # The user's name (optional) PGSQL_NAME_FIELD name ##NAME: PGSQL_MAILDIR_FIELD:0 # # This is an optional field, and can be used to specify an arbitrary # location of the maildir for the account, which normally defaults to # $HOME/Maildir (where $HOME is read from PGSQL_HOME_FIELD). # # You still need to provide a PGSQL_HOME_FIELD, even if you uncomment this # out. # PGSQL_MAILDIR_FIELD maildir ##NAME: PGSQL_DEFAULTDELIVERY:0 # # Courier mail server only: optional field specifies custom mail delivery # instructions for this account (if defined) -- essentially overrides # DEFAULTDELIVERY from ${sysconfdir}/courierd # # PGSQL_DEFAULTDELIVERY defaultDelivery ##NAME: PGSQL_QUOTA_FIELD:0 # # Define PGSQL_QUOTA_FIELD to be the name of the field that can optionally # specify a maildir quota. See README.maildirquota for more information # # PGSQL_QUOTA_FIELD quota ##NAME: PGSQL_WHERE_CLAUSE:0 # # This is optional, PGSQL_WHERE_CLAUSE can be basically set to an arbitrary # fixed string that is appended to the WHERE clause of our query # # PGSQL_WHERE_CLAUSE server='mailhost.example.com' ##NAME: PGSQL_SELECT_CLAUSE:0 # # (EXPERIMENTAL) # This is optional, PGSQL_SELECT_CLAUSE can be set when you have a database, # which is structuraly different from proposed. The fixed string will # be used to do a SELECT operation on database, which should return fields # in order specified bellow: # # username, cryptpw, uid, gid, clearpw, home, maildir, quota, fullname # # Enabling this option causes ignorance of any other field-related # options, excluding default domain. # # There are two variables, which you can use. Substitution will be made # for them, so you can put entered username (local part) and domain name # in the right place of your query. These variables are: # $(local_part), $(domain), and $(service) # # If a $(domain) is empty (not given by the remote user) the default domain # name is used in its place. # # $(service) will expand out to the service being authenticated: imap, imaps, # pop3 or pop3s. Courier mail server only: service will also expand out to # "courier", when searching for local mail account's location. In this case, # if the "maildir" field is not empty it will be used in place of # DEFAULTDELIVERY. Courier mail server will also use esmtp when doing # authenticated ESMTP. # # This example is a little bit modified adaptation of vmail-sql # database scheme: # # PGSQL_SELECT_CLAUSE SELECT popbox.local_part, \ # CONCAT('{MD5}', popbox.password_hash), \ # popbox.clearpw, \ # domain.uid, \ # domain.gid, \ # CONCAT(domain.path, '/', popbox.mbox_name), \ # '', \ # domain.quota, \ # '', \ # FROM popbox, domain \ # WHERE popbox.local_part = '$(local_part)' \ # AND popbox.domain_name = '$(domain)' \ # AND popbox.domain_name = domain.domain_name # ##NAME: PGSQL_CHPASS_CLAUSE:0 # # (EXPERIMENTAL) # This is optional, PGSQL_CHPASS_CLAUSE can be set when you have a database, # which is structuraly different from proposed. The fixed string will # be used to do an UPDATE operation on database. In other words, it is # used, when changing password. # # There are four variables, which you can use. Substitution will be made # for them, so you can put entered username (local part) and domain name # in the right place of your query. There variables are: # $(local_part) , $(domain) , $(newpass) , $(newpass_crypt) # # If a $(domain) is empty (not given by the remote user) the default domain # name is used in its place. # $(newpass) contains plain password # $(newpass_crypt) contains its crypted form # # PGSQL_CHPASS_CLAUSE UPDATE popbox \ # SET clearpw='$(newpass)', \ # password_hash='$(newpass_crypt)' \ # WHERE local_part='$(local_part)' \ # AND domain_name='$(domain)' #
Created attachment 15973 [details] Courier 2.0.0 Authdaemonrc Script
ok, you note imap-ssl doesn't work, but does pure IMAP work ?
I have the same probs here on a fresh install with1.7.3-r1 and 2.0.0. I use authpam, neither imap-ssl nor pure imap work resp. i cannot login. I checked this on two other boxen where i have to upgrade imap and with both version, 1.7.3-r1 and 2.0.0 i'am able to connect successfully to the imap server. But not on the fresh installed box :-(
both of you: please attach /etc/courier-imap/imapd and /etc/courier-imap/imapd-ssl and confirm that authdaemond is running before courier-imap. veit: please report the last version that worked for you john: does regular IMAP work for you or not ?
Created attachment 16083 [details] courier-imap-1.7.3-r1 /etc/courier-imap/imapd
Created attachment 16084 [details] courier-imap-1.7.3-r1 /etc/courier-imap/imapd-ssl
On a x86 and ppc box which are frequently updated i have no problems to connect to imapd with 1.7.3-r1 and 2.0.0 . But on a fresh new machine from stage3 i cant get imap to work. i tried 1.7.3 1.7.3-r1 and 2.0.0 and cannot login. All i get is this in my syslog: Aug 14 12:09:55 max authdaemond.plain: authdaemon: modules="authpam", daemons=5 Aug 14 12:10:14 max imapd-ssl: Connection, ip=[192.168.1.1] Aug 14 12:10:43 max imap(pam_unix)[29531]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=veitw Aug 14 12:10:48 max imapd-ssl: LOGIN FAILED, ip=[192.168.1.1] Yes authdaemond is running before courier-imap.
right after "authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=veitw" shows up in the logs please run 'id veitw' and paste that output here. also, try running nscd and see if that has any effect (both off and on).
1.6.2 is the last version that works for me. And both imap-ssl and imap don't work, I just didn't notice regular imap wasn't working because I don't run it.
Created attachment 16098 [details] Courier Imapd configuration file
root@max courier-imap # id veitw uid=1010(veitw) gid=100(users) Gruppen=100(users),10(wheel) Running nscd didn't change anything.
Hmm, it looks like authdaemon has lost it's mind and doesn't know where to find it, but lets confirm that first. firstly, try: /usr/lib/courier-imap/authlib/authtest $username $password replacing $username and $password with good values, and include the output here. next, try this (same as before with username and password): /usr/lib/courier-imap/authlib/authdaemontest 1 5 /usr/lib/courier-imap/authlib/authtest $username $password there should be no output from this, if there is, please include the output and the return code (echo "$?" right afterwards to check.) lastly, please do this, in imapd, set DEBUG_LOGIN=2 then try to login once either via imapd or imapd-ssl, and include that log output here. it may go to the debug SYSLOG, or a number of other places, depending on your log setup, so you may have to dig to find it.
root@max courier-imap # /usr/lib/courier-imap/authlib/authtest veitw XXXXXXXX Temporary authentication failure from module authdaemon Authentication FAILED! root@max courier-imap # /usr/lib/courier-imap/authlib/authdaemontest 1 5 /usr/lib/courier-imap/authlib/authtest veitw XXXXXXXX Temporary authentication failure from module authdaemon Authentication FAILED! syslog output with DEBUG_LOGIN=2 pure imap: Aug 14 19:29:33 max imapd: Connection, ip=[192.168.1.1] Aug 14 19:29:33 max imapd: LOGIN: DEBUG: ip=[192.168.1.1], command=CAPABILITY Aug 14 19:29:38 max imapd: LOGIN: DEBUG: ip=[192.168.1.1], command=LOGIN Aug 14 19:29:38 max imapd: LOGIN: DEBUG: ip=[192.168.1.1], username=veitw Aug 14 19:29:38 max imapd: LOGIN: DEBUG: ip=[192.168.1.1], password=XXXXXXXX Aug 14 19:29:38 max imap(pam_unix)[28793]: authentication failure; logname= uid=0 euid=0 t ty= ruser= rhost= user=veitw Aug 14 19:29:43 max imapd: LOGIN FAILED, ip=[192.168.1.1] imapd-ssl: Aug 14 19:30:05 max imapd-ssl: Connection, ip=[192.168.1.1] Aug 14 19:30:07 max imapd-ssl: LOGIN: DEBUG: ip=[192.168.1.1], command=CAPABILITY Aug 14 19:30:12 max imapd-ssl: LOGIN: DEBUG: ip=[192.168.1.1], command=LOGIN Aug 14 19:30:12 max imapd-ssl: LOGIN: DEBUG: ip=[192.168.1.1], username=veitw Aug 14 19:30:12 max imapd-ssl: LOGIN: DEBUG: ip=[192.168.1.1], password=XXXXXXXX Aug 14 19:30:12 max imap(pam_unix)[28814]: authentication failure; logname= uid=0 euid=0 t ty= ruser= rhost= user=veitw Aug 14 19:30:17 max imapd-ssl: LOGIN FAILED, ip=[192.168.1.1]
Oh forgot the echo "$?". It gives me 1 back.
Hm,i thing in my case it has something to do with permission. I add a new user on my problem box, maildirmake him a .maildir and send him a mail, connect with mutt to the imapd without problems. The /homes are nfs shares and all configs are the same as on the box without problems. Any clues where i can looking for?
Jesus, a screwed up passwd was the problem. veitw@max veitw $ passwd Changing password for veitw (current) UNIX password: passwd: Authentication token manipulation error After setting a new password all went fine. Thx
John: any update?
no response from user, closing
