Fatal error: tls_start_servertls() failed. (fwd)

Mike Allen mallen at familyradio.org
Mon Aug 25 18:12:59 EDT 2003


Ken:

Enclosed are two attached files with log info you requested.
imtest -s runs with errors while imtest by itself does not show errors.

It appears to me to be an authentication problem.

Mike Allen



On Thu, 21 Aug 2003, Ken Murchison wrote:

>
>
> Mike Allen wrote:
>
> > Ken,
> >
> > Thanks for your help and insight.  I have attached my imapd.conf file
> > with the values I currently use.  SSL/TLS still does not let me
> > communicate with port 993. imtest will not run to completion.
> > What am I missing?
>
> I don't know.  Are imapd and/or imtest spitting out any additional
> messages to imapd.log?  Are you running both imapd and imtest with the
> -s option?
>
>
> >
> > Thanks again for your help.
> >
> > Mike Allen
> >
> > ---------- Forwarded message ----------
> > Date: Wed, 20 Aug 2003 20:55:57 -0400
> > From: Ken Murchison <ken at oceana.com>
> > To: Mike Allen <mallen at familyradio.org>
> > Cc: info-cyrus at lists.andrew.cmu.edu
> > Subject: Re: Fatal error: tls_start_servertls() failed.
> >
> >
> >
> > Mike Allen wrote:
> >
> >
> >>I get the above Fatal error when I try to do anything after the
> >>following command:
> >>
> >>    telnet localhost imaps
> >>
> >>Would someone please direct me as to how to debug this?  Thanks in
> >>advance for your help.
> >
> >
> > First of all, telnetting to port 993 won't get you any visible data,
> > since SSL/TLS is negotiated before any IMAP protocol data is exchanged.
> >   If you really want to test imaps, then you should use imtest (included
> > with Cyrus) or OpenSSL's s_client.
> >
> > The error you are seeing most likely means that you haven't configured
> > Cyrus for SSL/TLS (tls_* options in imapd.conf).
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > # This file was typed in by hand to eliminate non-alphanumeric
> > # characters within it.
> > configdirectory: /var/imap
> > defaultpartition: default
> > partition-default: /var/spool/imap
> > umask: 077
> > allowanonymouslogin: no
> > allowplaintext: yes
> > quotawarn: 90
> > imapdresponse: yes
> > admins: cyrus
> > autocreatequota: 50000
> > duplicatesuppression: yes
> > mailnotifier: <no default>
> > sieveusehomedir: false
> > sievedir:/var/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > postmaster: postmaster
> > sieve_maxscriptsize: 32
> > sieve_maxscripts: 5
> > sasl_maximum_layer: 256
> > sasl_minimum_layer: 0
> > sasl_pwcheck_method: sasldb2
> > sasl_auto_transition: no
> > #sasl_opiekeys: /etc/opiekeys
> > tls_cert_file: /usr/local/ssl/global.crt
> > tls_key_file: /usr/local/ssl/global.key
> > tls_imap_cert_file: /usr/local/ssl/global.crt
> > tls_imap_key_file: /usr/local/ssl/global.key
> > #tls_lmtp_cert_file: /usr/local/etc/ssl/global.crt
> > #tls_lmtp_key_file: /usr/local/etc/ssl/global.key
> > tls_session_timeout: 1440
> > #tls_ca_file: global.crt
> > #tls_ca_path: /usr/local/etc/ssl
> > deleteright: c
> > lmtpsocket: /var/imap/socket/lmtp
> > idlesocket: /var/imap/socket/idle
> > notifysocket: /var/imap/socket/notify
>
> --
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>
>
>
-------------- next part --------------
Aug 25 14:46:03 mail2 imapd[57409]: TLS engine: cannot load CA data
Aug 25 14:46:03 mail2 imapd[57409]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Aug 25 14:46:03 mail2 imapd[57409]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Aug 25 14:46:11 mail2 imapd[57409]: no user in db
Aug 25 14:46:11 mail2 imapd[57409]: client response doesn't match what we generated
Aug 25 14:46:11 mail2 imapd[57409]: badlogin: localhost.familyradio.org[127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client response doesn't match what we generated]
Aug 25 14:55:38 mail2 sshd[57481]: error: PAM: Authentication token is no longer valid; new one required.
Aug 25 14:55:47 mail2 last message repeated 2 times
Aug 25 14:56:54 mail2 su: mallen to root on /dev/ttyp0

-------------- next part --------------
# This file was typed in by hand to eliminate non-alphanumeric
# characters within it.
configdirectory: /var/imap
defaultpartition: default
partition-default: /var/spool/imap
umask: 077
allowanonymouslogin: no
allowplaintext: yes
quotawarn: 90
imapdresponse: yes
admins: cyrus
autocreatequota: 50000
duplicatesuppression: yes
mailnotifier: <no default>
sieveusehomedir: false
sievedir:/var/imap/sieve
sendmail: /usr/sbin/sendmail
postmaster: postmaster
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sasl_maximum_layer: 256
sasl_minimum_layer: 0
sasl_pwcheck_method: sasldb2
sasl_auto_transition: no
#sasl_opiekeys: /etc/opiekeys
tls_cert_file: /usr/local/ssl/global.crt
tls_key_file: /usr/local/ssl/global.key
tls_imap_cert_file: /usr/local/ssl/global.crt
tls_imap_key_file: /usr/local/ssl/global.key
#tls_lmtp_cert_file: /usr/local/etc/ssl/global.crt
#tls_lmtp_key_file: /usr/local/etc/ssl/global.key
tls_session_timeout: 1440
#tls_ca_file: global.crt
#tls_ca_path: /usr/local/etc/ssl
deleteright: c
lmtpsocket: /var/imap/socket/lmtp
idlesocket: /var/imap/socket/idle
notifysocket: /var/imap/socket/notify
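
Added example, not part of the original message and not Cyrus code: a small Python triage of the attached syslog excerpt that groups imapd lines by PID and reports the TLS handshake result separately from the SASL login result. The function names and verdict strings are assumptions; the sample lines are the attachment's own, with the 80-column wraps rejoined.

```python
import re
from collections import defaultdict

# Log lines from the attachment above, with the 80-column wraps rejoined.
SAMPLE_LOG = """\
Aug 25 14:46:03 mail2 imapd[57409]: TLS engine: cannot load CA data
Aug 25 14:46:03 mail2 imapd[57409]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Aug 25 14:46:03 mail2 imapd[57409]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Aug 25 14:46:11 mail2 imapd[57409]: no user in db
Aug 25 14:46:11 mail2 imapd[57409]: client response doesn't match what we generated
Aug 25 14:46:11 mail2 imapd[57409]: badlogin: localhost.familyradio.org[127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client response doesn't match what we generated]
Aug 25 14:55:38 mail2 sshd[57481]: error: PAM: Authentication token is no longer valid; new one required.
"""

# syslog prefix, restricted to imapd so other daemons are ignored
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ imapd\[(\d+)\]: (.*)$")
STARTTLS = re.compile(r"^starttls: (\S+) with cipher (\S+)")
BADLOGIN = re.compile(
    r"^badlogin: (\S+?)\[([\d.]+)\] (\S+) \[SASL\((-?\d+)\): (.*)\]$")

def triage(log_text):
    """Group imapd lines by PID; record TLS and SASL outcomes separately."""
    sessions = defaultdict(lambda: {"tls": None, "badlogin": None, "notes": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # sshd, su and anything else is out of scope here
        pid, msg = m.groups()
        s = sessions[pid]
        if (t := STARTTLS.match(msg)):
            s["tls"] = {"protocol": t.group(1), "cipher": t.group(2)}
        elif (b := BADLOGIN.match(msg)):
            s["badlogin"] = {"host": b.group(1), "ip": b.group(2),
                             "mech": b.group(3), "code": int(b.group(4)),
                             "reason": b.group(5)}
        else:
            s["notes"].append(msg)  # kept as context for the reader
    return dict(sessions)

def verdict(session):
    """Hypothetical labels: which layer did the session fail at, if any?"""
    if session["tls"] is None:
        return "tls-not-negotiated"
    if session["badlogin"]:
        return "tls-ok-auth-failed"
    return "tls-ok"
```
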

